Cisco 851 router not allowing send mail...

Discussion in 'Cisco' started by TFC, Feb 20, 2006.

  TFC

    TFC Guest

    I am having a hard time with this one so any help is needed and
    appreciated - I'm running out of options.
    I setup a Cisco 851w using the SDM gui. I'm not a CCNxxx anything just
    a lan admin but I can understand most of it.

    All works ok including vpn connections, etc. here's the weird thing.

    For inside pc clients on the lan who are not using a mail client like
    Some internet mail works ok, some don't. Rogers and yahoo email works
    Gmail, Neomail, hotmail do not. Specifically I can receive mail from
    these but I can't send. When trying to send it just just hangs and
    times out. And yes, when I bypass the router and go straight thru the
    dsl modem all is ok.
    I've tried opening up the firewall, wiping out the acls and it still
    happens. Its drivin me a bit crazy cause it makes no sense but its
    happening. I thought it was the dsl modem. It was changed, no help.
    Thought it was firewalls, nope, disabled all of it for testing.

    Fact remains that when I take the router out of the loop, all works ok.
    Cisco have tried but they can't find it...they say it looks ok. So much
    for that.
    Anyone have similar?
    I've read stuff about the natchi worm mitigation..where's that in the
    Could MTU rate change help? Not sure where that's changed...
    What else on the router can cause this?

    TFC, Feb 20, 2006
  DMc

    DMc Guest

    Post your config
    DMc, Feb 20, 2006
  3. When implemented according to Cisco's instructions, this blocks
    ICMP packets of a very specific length.

    When implemented with the wrong ACL name, it ends up blocking
    -all- packets that happen to be that very specific length. But
    when -that- happens, you can still telnet through to an SMTP port
    and type in commands manually, unless you happen to hit the magic
    packet length. Another way of phrasing this is that if you end up
    blocking all packets that are -exactly- that specific packet length,
    then you will be able to get part way through the conversations
    that fail... and to get all the way through other conversations that use
    even one character difference in the line length.
    Walter Roberson, Feb 20, 2006
  4. Not an MTU -rate- change, as MTU's don't have rates (if they
    did, there were probably be an applicable services tax... ;-) )

    MTU problems can certainly lead to intermittant results like
    what you are seeing, but it is more typical to see the problem when
    -receiving- data from those sites than when sending data to them.
    But it could happen in either direction.

    You mentioned that you tried wiping out the ACLs in both directions.
    You might have to specifically permit "icmp unreachable" inward,
    if you have ip inspection turned on.
    Walter Roberson, Feb 20, 2006
  Merv

    Merv Guest

    Merv, Feb 20, 2006
  TFC

    TFC Guest

    Thanks - At one point we turned off the firewall and deleted the acls.
    Cisco were on the phone with me at the time and they couln't see why
    this would happen. So if they can't tell me, then what's a guy to
    do??!!! I'm not exactly thrilled with their level of support.
    I'm a newbie when it comes to routers of this level. Are you saying
    that I would still have to explicedly allow certain things? When I see
    this problem happening using i.e. gmail or neomail, the iexplorer
    message says i.e..waiting for and doesn't move from

    Isn't the MTU set at a default rate something like 1472 and it can be
    tweaked? I've changed this with other routers like a linksys...

    I still don't get it how just sending email using web mail can hang.
    What is it that the router doesn't like here?
    Will check out icmp stuff . thanks.
    TFC, Feb 20, 2006
  TFC

    TFC Guest

    am checking it out . thanks
    TFC, Feb 20, 2006
