Question : Problem: unable to configure external client to receive pop mail
I am in the process of configuring POP mail on my server at home. I can set up my clients inside my network and they receive all mail sent to them. However, when I am outside of my network I am unable to configure Outlook. It will not authenticate. Also, when I configure my internal e-mail clients, I have to use my internal server's IP address, 192.168.X.X, not the domain name, mail.alabamaebaugh.com. From the inside and outside I can telnet to my mail server ports 110 and 25. I am thinking it is a NAT issue on my 2600.
Here is my config:
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2620
!
boot-start-marker
boot-end-marker
!
enable secret
enable password
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
!
!
ip domain name alabamaebaugh.com
ip name-server
ip name-server
ip dhcp excluded-address 192.168.1.1 192.168.1.30
ip dhcp excluded-address 192.168.1.150 192.168.1.255
!
ip dhcp pool 192.168.1.0/24
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
no ip bootp server
ip cef
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed auto
 full-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet1/0
 ip address 24.214.175.252 255.255.255.0
 ip access-group 1 in
 ip nat outside
 full-duplex
!
ip nat inside source list 1 interface FastEthernet1/0 overload
ip nat inside source static tcp 192.168.1.102 3389 24.214.175.252 3389 extendable
ip nat inside source static tcp 192.168.1.102 21 24.214.175.252 21 extendable
ip nat inside source static tcp 192.168.1.28 22 24.214.175.252 22 extendable
ip nat inside source static tcp 192.168.1.1 23 24.214.175.252 23 extendable
ip nat inside source static tcp 192.168.1.10 515 24.214.175.252 515 extendable
ip nat inside source static tcp 192.168.1.102 443 24.214.175.252 443 extendable
ip nat inside source static tcp 192.198.1.102 8099 24.214.175.252 8099 extendable
ip nat inside source static tcp 192.198.1.102 8098 24.214.175.252 8098 extendable
ip nat inside source static tcp 192.168.1.102 25 24.214.175.252 25 extendable
ip nat inside source static tcp 192.168.1.102 110 24.214.175.252 110 extendable
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 24.214.175.1
!
!
access-list 1 deny 63.245.209.31
access-list 1 deny 220.128.237.183
access-list 1 deny 202.75.55.169
access-list 1 deny 198.78.220.126
access-list 1 deny 63.245.209.49
access-list 1 deny 72.246.30.145
access-list 1 deny 125.79.18.26
access-list 1 deny 207.46.211.124
access-list 1 deny 89.32.206.218
access-list 1 deny 61.129.52.230
access-list 1 deny 192.168.2.17
access-list 1 deny 204.160.105.126
access-list 1 deny 212.244.126.217
access-list 1 deny 219.94.148.158
access-list 1 deny 64.202.165.178
access-list 1 deny 221.174.24.197
access-list 1 deny 222.200.161.12
access-list 1 deny 222.181.93.230
access-list 1 deny 65.55.184.29
access-list 1 deny 64.4.23.190
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit any
!
line con 0
 password
 login
line aux 0
line vty 0 4
 password
 login
!
!
end
Here is my NAT translation:
2620#show ip nat translation
Pro Inside global        Inside local        Outside local        Outside global
tcp 24.214.175.252:479   24.214.175.252:80   65.214.44.129:44873  65.214.44.129:448 3
tcp 24.214.175.252:8098  192.198.1.102:8098  ---                  ---
tcp 24.214.175.252:8099  192.198.1.102:8099  ---                  ---
tcp 24.214.175.252:21    192.168.1.102:21    ---                  ---
tcp 24.214.175.252:22    192.168.1.28:22     ---                  ---
tcp 24.214.175.252:23    192.168.1.1:23      ---                  ---
tcp 24.214.175.252:25    192.168.1.102:25    ---                  ---
tcp 24.214.175.252:496   24.214.175.252:80   4.79.142.206:60204   4.79.142.206:60204
tcp 24.214.175.252:477   24.214.175.252:80   65.214.44.129:43034  65.214.44.129:4304
tcp 24.214.175.252:110   192.168.1.102:110   ---                  ---
tcp 24.214.175.252:485   24.214.175.252:80   63.123.238.8:55623   63.123.238.8:55623
tcp 24.214.175.252:489   24.214.175.252:80   65.214.44.129:34965  65.214.44.129:3495
tcp 24.214.175.252:443   192.168.1.102:443   ---                  ---
tcp 24.214.175.252:515   192.168.1.10:515    ---                  ---
tcp 24.214.175.252:6     24.214.175.252:80   63.123.238.8:11486   63.123.238.8:11486
tcp 24.214.175.252:475   24.214.175.252:80   65.214.44.129:60050  65.214.44.129:6000
tcp 24.214.175.252:4413  192.168.1.37:4413   199.106.209.226:80   199.106.209.226:80
tcp 24.214.175.252:491   24.214.175.252:80   65.214.44.129:43690  65.214.44.129:4360
Pro Inside global        Inside local        Outside local        Outside global
tcp 24.214.175.252:1695  192.168.1.102:1695  72.5.124.55:80       72.5.124.55:80
tcp 24.214.175.252:23    192.168.1.1:23      69.18.92.132:49761   69.18.92.132:49761
tcp 24.214.175.252:2     24.214.175.252:80   63.123.238.8:1702    63.123.238.8:1702
tcp 24.214.175.252:504   24.214.175.252:80   65.214.44.129:40095  65.214.44.129:4005
tcp 24.214.175.252:3389  192.168.1.102:3389  ---                  ---
tcp 24.214.175.252:493   24.214.175.252:80   65.214.44.129:58727  65.214.44.129:5877
tcp 24.214.175.252:481   24.214.175.252:80   63.123.238.8:40814   63.123.238.8:40814
Answer : Problem: unable to configure external client to receive pop mail
The second problem is indeed a NAT issue. On IOS, I do not believe there is a mechanism to hairpin NAT like the PIX/ASA platform will now do. This is due to the fact that the packet has to traverse the IOS from an outside NAT interface to an inside NAT interface (or vice versa) in order to be NATted.
The first problem is a problem with your Outlook client configuration. When I try to POP into your address 24.214.175.252, I get the following:
+OK <[email protected]aebaugh.com>, POP3 server ready.
This means your router is NATting properly and is allowing access. Nothing you change on the router will therefore fix your authentication problem.
Furthermore, you should not use the same ACL for your NAT list and your filter list.
Delete all of the deny entries, as well as the permit any from access-list 1 and put them in access-list 2. Then apply access-group 2 to the interface.
HTH
kr
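
The ACL split recommended in the answer, as an added example that is not part of the original thread: a small Python check that finds a numbered ACL referenced by both `ip nat inside source list` and `ip access-group`, and returns the IOS commands that separate the two roles. The function names, the default new list number and the abridged sample config are assumptions made for this illustration.

```python
import re
# Constructed sample: abridged from the config in the question (two deny entries kept).
SAMPLE_CONFIG = """\
interface FastEthernet1/0
 ip access-group 1 in
 ip nat outside
!
ip nat inside source list 1 interface FastEthernet1/0 overload
access-list 1 deny 63.245.209.31
access-list 1 deny 220.128.237.183
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit any
"""

def parse(config):
    """Collect interface filters, NAT source lists and numbered ACL entries."""
    filters, nat_lists, acls, iface = [], set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: enter or leave an interface
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        if m := re.match(r"ip access-group (\d+) (in|out)$", line):
            filters.append((m.group(1), iface, m.group(2)))
        elif m := re.match(r"ip nat inside source list (\d+) ", line):
            nat_lists.add(m.group(1))
        elif m := re.match(r"access-list (\d+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
    return filters, nat_lists, acls

def split_shared_acls(config, new_id="2"):
    """Propose IOS commands that separate an ACL used for both NAT and filtering."""
    filters, nat_lists, acls = parse(config)
    cmds = []
    for acl, iface, direction in filters:
        if acl not in nat_lists:
            continue  # ACL is only a filter; nothing to split
        entries = acls.get(acl, [])
        # Filter policy (denies, "permit any") moves to the new list, applied before rebuild.
        moved = [e for e in entries if e.startswith("deny") or e == "permit any"]
        kept = [e for e in entries if e not in moved]
        cmds += [f"access-list {new_id} {e}" for e in moved]
        cmds += [f"interface {iface}", f" ip access-group {new_id} {direction}"]
        cmds += [f"no access-list {acl}"] + [f"access-list {acl} {e}" for e in kept]
    return cmds

if __name__ == "__main__":
    print("\n".join(split_shared_acls(SAMPLE_CONFIG)))
```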