Hi,
I am currently working out a small problem that I can't seem to get past.
I'm trying to get our mail server, an Exchange box, out of the DMZ, and
behind a Cisco 3640. Right now, it looks like this:
1.2.3.5
|----------| |`````````````````|
|``````````````````````|
-------------| DSL |-----|----| Exchange |---------------------|
|
|----------| | |-----------------| 10.1.1.2 |
| 10.1.1.x
| |
hub to network |-----
| |
|
| |```````````|10.1.1.1 |
|
|--------------| 3640 | |
|
|w/NAT |-----------------|
|
1.2.3.4 |-----------|
|-----------------------|
|
| 10.1.3.x etc
To other networks
One interface the Exchange and one on the 3640 have public addresses, the
rest of the network is private. The problem I am having is mail connections
were getting rejected . I had the router doing NAT, allowing all
connections. I figured I would tighten it up one I got it working. The DSL
is a bridge only, no routing.
Is there a way to have the mail server behind the router when doing NAT?
I believe there is, but have been unable to get it to work. Currently, I
only have basic knowledge in router configuration. The configuration I
tried was:
interface FastEthernet0/0
description connected LAN
ip address 10.1.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
interface FastEthernet2/0
description connected to Internet
ip address 1.2.3.4 255.255.255.0
no ip directed-broadcast
ip nat outside
ip nat inside source list 1 interface FastEthernet2/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet2/0
ip route 10.1.1.0 255.255.255.0 10.1.1.1
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.2.3.0 0.0.0.255 established
access-list 101 permit tcp any host 10.1.1.2 eq smtp
I thought it should work, it didn't.
Ultimately, I would like to use one outside address, have all the traffic
go through the router, with the Exchange box behind the router.
Any ideas on how I was mucking it up?
Thanks
Michael Bitow
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:34 PDT