Solved

Unable to retrieve mail from Webserver after installing new router

Posted on 2008-10-14
Last Modified: 2012-05-05
I currently have a Cisco 1830 router that I am replacing with a Cisco 2821. I have set up the 2821 with the same configs as the 1830; however, when I go live on the 2821 I am no longer able to retrieve mail from the webserver, nor am I able to telnet to the Exchange server like I was with the 1830. I am able to get out on the net and everything else looks pretty normal.
I have enclosed both configs, starting with the 1830 first and then the 2821. Other than the IOS being updated and a few "minor" differences, I don't see where the drop off is. Thanks in advance for taking a look.


  Cisco 1830 Config

version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname u174819
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $xxxxxxxxxxxxxxxxxxxxxxxx
!
username xxxxxxxxx secret 5 $xxxxxxxxxxxxxxxx
username xxxxxxxxx privilege 15 secret 5 $xxxxxxxxxxxxxx
username xxxxxxxxx secret 5 $xxxxxxxxxxxxxxxxx
username xxxxxxxxx secret 5 $xxxxxxxxxxxxxxxxxxx
memory-size iomem 15
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef

no ip bootp server

controller T1 0/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24 speed 64
!
controller T1 0/1
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24 speed 64

interface MFR1
 mtu 4470
 no ip address
 ip access-group 101 in
 no ip redirects
 no ip route-cache cef
 no ip mroute-cache
 load-interval 30
 no arp frame-relay
 frame-relay multilink bid to gw
 frame-relay lmi-type ansi
!
interface MFR1.500 point-to-point
 ip address xx.xx.xx.xx xxx.xxx.xxx.xxx(Same as in 2821 Config)
 ip access-group 101 in
 no ip redirects
 no arp frame-relay
 no cdp enable
 frame-relay interface-dlci 500 IETF  
!
interface FastEthernet0/0
 ip address xxx.xxx.xxx.x 255.255.255.0(Same as in 2821 Config)
 ip access-group 102 in
 speed auto
 full-duplex
 no keepalive
 no cdp enable
!
interface Serial0/0:0
 mtu 4470
 bandwidth 1536
 no ip address
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp  
 encapsulation frame-relay MFR1
 no arp frame-relay
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/1:0
 mtu 4470
 bandwidth 1536
 no ip address
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp  
 encapsulation frame-relay MFR1
 no arp frame-relay
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 MFR1.500

  All the following routes are exactly the same in both routers
ip route xxx.xxx.xxx.x xxx.xxx.xxx.xxx xxx.xxx.xxx.x
!
!
  Access-List is identical to the Cisco 2821

access-list 101 permit icmp host
access-list 101 deny   ip any host xxx.xxx.xxx.xxx (identical
access-list 101 deny   udp any any eq 1434
access-list 101 permit ip any any
access-list 102 deny   ip any host xxx.xxx.xx.xxx
access-list 102 deny   udp any any eq 1434
access-list 102 permit icmp xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
access-list 102 permit ip any any
no cdp run

dial-peer cor custom

banner motd ^C
Unauthorized access to the xxxxxxxxxxxxxx computer system is prohibited by laws, see 18 U.S.C. 1030. Any unauthorized use of the system is unlawful and may subject the user to civil and/or criminal penalties.
^C
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line aux 0
 exec-timeout 5 0
 login local
line vty 0 4
 exec-timeout 5 0
 login local
!
!
end
u174819#

                  Cisco 2821 Configs:
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Border
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
no logging console
enable secret 5 $xxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
memory-size iomem 15
no network-clock-participate wic 0
!
ip source-route

ip cef

no ip bootp server
multilink bundle-name authenticated
!
username xxxxxxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxx
archive
 log config
  hidekeys

controller T1 0/0/0
 framing esf
 linecode b8zs
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
controller T1 0/0/1
 framing esf
 linecode b8zs
 cablelength long 0db
 channel-group 0 timeslots 1-24

interface MFR1
 mtu 4470
 no ip address
 ip access-group 101 in
 no ip redirects
 no ip route-cache cef
 no ip mroute-cache
 load-interval 30
 no arp frame-relay
 frame-relay multilink bid to gw
 frame-relay lmi-type ansi
!
interface MFR1.500 point-to-point
 ip address xxx.xxx.xxx.xxx 255.255.255.252
 ip access-group 101 in
 no ip redirects
 snmp trap link-status
 no cdp enable
 no arp frame-relay
 frame-relay interface-dlci 500 IETF  
!
interface GigabitEthernet0/0
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 ip access-group 102 in
 duplex full
 speed auto
 no keepalive
 no cdp enable
!
interface GigabitEthernet0/1
 ip address xx.xx.xx.xx xxx.xxx.xxx.xxx
 duplex auto
 speed auto
!
interface Serial0/0/0:0
 mtu 4470
 bandwidth 1536
 no ip address
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp
 encapsulation frame-relay MFR1
 no arp frame-relay
!
interface Serial0/0/1:0
 mtu 4470
 bandwidth 1536
 no ip address
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp
 encapsulation frame-relay MFR1
 no arp frame-relay
!
ip forward-protocol nd
ip route  (Same as the Cisco 1830 Config)
!
no ip http server
no ip http secure-server

access-list (Same as 2821 Config)
access-list 101 deny   ip any host xx.xx.xx.xx
access-list 101 deny   udp any any eq 1434
access-list 101 permit ip any any
access-list 102 deny   ip any host xx.xx.xx.xx
access-list 102 deny   udp any any eq 1434
access-list 102 permit icmp xxx.xxx.xxx.xx host xxx.xxx.xxx.xxx
access-list 102 permit ip any any
no cdp run

control-plane
!
banner motd ^C
Unauthorized access to the xxxxxxxxxx    computer system is prohibited by laws, see 18 U.S.C. 1030. Any unauthorized use of the system is unlawful and may subject the user to civil and/or criminal penalties.
^C
!
line con 0
 exec-timeout 0 0
 password 7 xxxxxxxxxxxxxxxxx
 logging synchronous
 login
line aux 0
line vty 0 4
 no login
!
scheduler allocate 20000 1000
end

Question by:mdelanoche
Accepted Solution

by: bkepford earned 400 total points
I don't see a difference, but I would start by removing the ip access-group from the interfaces and see if you can get in. That way you know if it is a routing problem or an ACL problem. If you can get in, I would start putting the ACLs back one at a time until I got to the offending ACL.
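An added example, not part of the original question or answer: a section-by-section comparison of two IOS configs, for the step where the old and new routers are checked for differences by eye. The sample text is a constructed excerpt of the two configs posted above; the function names and the `RENAME` port mapping are assumptions made for this sketch.

```python
# Constructed excerpts of the two configs posted in the question.
OLD_1830 = """\
interface FastEthernet0/0
 ip access-group 102 in
 full-duplex
line vty 0 4
 exec-timeout 5 0
 login local
"""
NEW_2821 = """\
ip source-route
interface GigabitEthernet0/0
 ip access-group 102 in
 duplex full
line vty 0 4
 no login
"""
# Assumed port mapping between the two chassis (hypothetical helper input).
RENAME = {"FastEthernet0/0": "GigabitEthernet0/0"}

def sections(cfg, rename=None):
    """Map each top-level IOS line to the set of indented lines under it."""
    out, head = {}, None
    for raw in cfg.splitlines():
        text = " ".join(raw.split())          # normalise spacing
        if not text or text == "!":
            continue
        if raw[0] != " ":                     # top-level command starts a section
            for old, new in (rename or {}).items():
                text = text.replace(old, new)
            head = text
            out.setdefault(head, set())
        elif head is not None:
            out[head].add(text)
    return out

def diff_configs(old_cfg, new_cfg, rename=None):
    """Return {section: (only_in_old, only_in_new)} for sections that differ."""
    old, new = sections(old_cfg, rename), sections(new_cfg)
    result = {}
    for head in sorted(set(old) | set(new)):
        a, b = old.get(head), new.get(head)
        if a is None or b is None:            # whole section on one side only
            result[head] = ("absent" if a is None else "present",
                            "absent" if b is None else "present")
        elif a != b:
            result[head] = (sorted(a - b), sorted(b - a))
    return result

if __name__ == "__main__":
    for head, (gone, added) in diff_configs(OLD_1830, NEW_2821, RENAME).items():
        print(f"{head}\n  1830 only: {gone}\n  2821 only: {added}")
```

Top-level lines such as `access-list` entries are compared for presence only, so a change in ACL entry order still has to be checked by reading the list.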