Solved

setting up SMTP redirect on Cisco 1841 router

Posted on 2008-10-07
Last Modified: 2012-05-05
I'm having trouble setting up SMTP redirect on a 1841 router. Basic configuration. One external IP, 1841 set up as DHCP server handing out IPs in the 10.0.0.40-10.0.0.254 range. I just need to have any SMTP traffic from the internal range sent to our ISP's SMTP server at 206.47.199.115.

Got frustrated and started over from scratch and will wait on the experts to tell me where to go from here. Running-config is below
Building configuration...

Current configuration : 3324 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname hotelguests
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$7Q/b$BM5wTp0koeW2duZGFRt4M0
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -4
clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.39
!
ip dhcp pool sdm-pool1
   import all
   network 10.0.0.0 255.255.255.0
   dns-server 142.177.xxx.xxx 142.177.xxx.xxx
   default-router 10.0.0.1
!
!
no ip bootp server
ip domain name mydomain.com
ip name-server 142.177.xxx.xxx
ip name-server 142.177.xxx.xxx
!
username myname privilege 15 secret 5 $1$hzs4$dL8Nrn6rEJsZ.QYWqSb0R/
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ES_WAN$$FW_OUTSIDE$
 ip address 142.176.xxx.xxx 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 142.176.xxx.xxx permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end

Question by:huntleyj
5 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22659924
If you are talking about outgoing SMTP going to your ISP, this isn't handled on the router but rather on the SMTP relay portion of your mail application.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22660015
Or, are you looking to restrict outgoing SMTP to only your ISP's server?
0
 
LVL 3

Author Comment

by:huntleyj
ID: 22660318
Looking to redirect all outgoing SMTP traffic to our ISP.
Scenario:
Guest A has his email client set up to use Verizon's SMTP server. Unfortunately Verizon's SMTP server is not accessible from our ISP's network. Therefore I have to redirect all outbound SMTP traffic to our ISP's SMTP server or else User A will not be able to send e-mails.
This is for a hotel so having every guest change their SMTP setting in their e-mail client is not really an option.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22661375
You can try using "Outside NAT" with an access-list matching the SMTP port but I've never tried this so I can't guarantee success.

Try adding this (leave your current NAT config alone):

conf t
ip access-list ext nat-smtp
deny <your internal SMTP servers if applicable>
permit tcp any any eq 25
permit tcp any eq 25 any

ip nat pool isp-smtp 206.47.199.115 206.47.199.115 netmask 255.255.255.0
ip nat outside source list nat-smtp pool isp-smtp

Couple things to note:

If your ISP does any kind of authentication, it won't work.  Also, if anything is in the SMTP Payload of the packet that is significant to their ISP, it may not work.
0
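One way to check from a host on the guest LAN that the redirect in the accepted solution is in effect, and whether its authentication caveat is likely to matter; this is an added example, not code from the thread. The function names, the probe hostnames and the sample replies are constructed for illustration.

```python
import socket

def greeting_host(reply):
    """Server name from an SMTP greeting ('220 name ...' or '220-name ...'), else None."""
    reply = reply.strip()
    if not reply.startswith("220") or len(reply) < 5 or reply[3] not in " -":
        return None
    return reply[4:].split()[0].lower()

def ehlo_keywords(reply):
    """Extension keywords from an EHLO reply; the first 250 line is the server's name."""
    lines = [l.strip() for l in reply.splitlines() if l.startswith("250")]
    return {l[4:].split()[0].upper() for l in lines[1:] if len(l) > 4}

def assess(greetings, ehlo_reply):
    """greetings maps each probed destination to the greeting it returned."""
    names = {greeting_host(g) for g in greetings.values()}
    # With the NAT rule active, unrelated destinations all answer as one server.
    same = len(greetings) > 1 and len(names) == 1 and None not in names
    kw = ehlo_keywords(ehlo_reply)
    return {"redirected": same,
            "answering_server": next(iter(names)) if same else None,
            "auth_advertised": "AUTH" in kw,          # relay may expect credentials
            "starttls_advertised": "STARTTLS" in kw}  # guest clients may try TLS

def _read_reply(f):
    """Read one (possibly multi-line) SMTP reply from a socket file object."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return "".join(lines)

def probe(host, port=25, timeout=5):
    """Live collection from a LAN host: return (greeting, ehlo_reply) for host:port."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb")
        greeting = _read_reply(f)
        f.write(b"EHLO redirect-check.example\r\n"); f.flush()
        reply = _read_reply(f)
        f.write(b"QUIT\r\n"); f.flush()
    return greeting, reply

if __name__ == "__main__":
    # Constructed sample: two unrelated destinations, both answered by one relay.
    sample = {"mail.example.net": "220 relay.isp.example ESMTP\r\n",
              "smtp.example.org": "220 relay.isp.example ESMTP\r\n"}
    ehlo = "250-relay.isp.example\r\n250-SIZE 10240000\r\n250 AUTH PLAIN LOGIN\r\n"
    print(assess(sample, ehlo))
```

If `redirected` is false for destinations that should be caught by the `nat-smtp` access list, the translation is not being applied to that flow.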
 
LVL 3

Author Closing Comment

by:huntleyj
ID: 31503857
Sweeet. Worked like a charm!
0
