Hi,

I am currently working out a small problem that I can't seem to get past. I'm trying to get our mail server, an Exchange box, out of the DMZ, and behind a Cisco 3640. Right now, it looks like this:

                              1.2.3.5
             |----------|          |`````````````````|                     |``````````````````````|
-------------|   DSL    |-----|----|    Exchange     |---------------------|                      |
             |----------|     |    |-----------------|  10.1.1.2           |  10.1.1.x            |
                              |                                            |  hub to network      |-----
                              |                                            |                      |
                              |              |```````````| 10.1.1.1        |                      |
                              |--------------|   3640    |                 |                      |
                                             |   w/NAT   |-----------------|                      |
                                1.2.3.4      |-----------|                 |----------------------|
                                                                                      |
                                                                                      |
                                                                                10.1.3.x etc
                                                                              To other networks

One interface on the Exchange and one on the 3640 have public addresses, the rest of the network is private.

The problem I am having is mail connections were getting rejected. I had the router doing NAT, allowing all connections. I figured I would tighten it up once I got it working. The DSL is a bridge only, no routing.

Is there a way to have the mail server behind the router when doing NAT? I believe there is, but have been unable to get it to work. Currently, I only have basic knowledge in router configuration.

The configuration I tried was:

interface FastEthernet0/0
 description connected LAN
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside

interface FastEthernet2/0
 description connected to Internet
 ip address 1.2.3.4 255.255.255.0
 no ip directed-broadcast
 ip nat outside

ip nat inside source list 1 interface FastEthernet2/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet2/0
ip route 10.1.1.0 255.255.255.0 10.1.1.1

access-list 1 permit 10.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.2.3.0 0.0.0.255 established
access-list 101 permit tcp any host 10.1.1.2 eq smtp

I thought it should work, it didn't. Ultimately, I would like to use one outside address, have all the traffic go through the router, with the Exchange box behind the router.

Any ideas on how I was mucking it up?

Thanks
Michael Bitow
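
An added example, not part of the original post: one way to publish a single inside mail server through NAT overload on IOS is a static TCP port mapping for SMTP on the router's outside address, with the inbound filter written against that outside address, because an inbound ACL on the outside interface is evaluated before NAT rewrites the destination. It assumes the Exchange server keeps only 10.1.1.2 with 10.1.1.1 as its default gateway and that the MX record points at 1.2.3.4; routing lines are left as posted and omitted here.

```cisco
! Added example. Addresses and interface names are taken from the post;
! everything else is an assumption stated in these comments.
!
interface FastEthernet0/0
 description connected LAN
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface FastEthernet2/0
 description connected to Internet
 ip address 1.2.3.4 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 ! The posted config defines access-list 101 but never applies it.
 ip access-group 101 in
!
! Outbound: all inside hosts share 1.2.3.4 (unchanged from the post).
ip nat inside source list 1 interface FastEthernet2/0 overload
! Inbound: overload alone creates no translation for connections that
! start outside, so map TCP/25 on 1.2.3.4 to the Exchange server.
ip nat inside source static tcp 10.1.1.2 25 1.2.3.4 25
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Inbound filter, matched before NAT: the destination is the global
! address 1.2.3.4, not the inside address 10.1.1.2.
access-list 101 permit tcp any host 1.2.3.4 eq smtp
access-list 101 permit tcp any host 1.2.3.4 established
! Implicit deny follows. Return traffic that is not TCP (for example
! UDP DNS replies to inside hosts) needs its own permit entries.
```

After an inbound test connection, `show ip nat translations` should list the static 1.2.3.4:25 to 10.1.1.2:25 entry, and `show access-lists 101` should show the hit count on the smtp line increasing.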
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:34 PDT