Static + Dynamic NAT with 801 Router

Discussion in 'Cisco' started by Dan Green, Nov 10, 2003.

  1. Dan Green

    Dan Green Guest

    Hi All,

    I have the following config on an 801:

    interface Dialer 0
    ip nat outside
    ip address A.B.C.88 255.255.255.192

    interface Ethernet 0
    ip nat inside
    ip address 192.168.42.1 255.255.255.0

    ip nat inside source list 50 Dialer 0 overload
    ip nat inside source static tcp 192.168.42.131 25 D.E.F.150 25
    extendable
    ! D.E.F is different to A.B.C above, we have 2 public IP ranges
    allocated

    access-list 50 deny host 192.168.42.131
    access-list 50 permit 192.168.42.0 0.0.0.255

    According to Cisco documentation, the deny line is needed for static
    NAT, however, it means that the server can't get out at all because
    I'm only translating port 25.

    Ideally, I would like all traffic originating from the email server
    addressed to port 25 somewhere (ie, sending SMTP traffic outside) to
    appear to come from D.E.F.150, but all other traffic from that server
    to appear to come from the Dialer0 address.

    If I remove the deny line, the server can send outgoing SMTP mail, but
    it appears to come from the Dialer0 address (as expected), but I
    anticipate problems with this from external servers who do a DNS
    lookup.

    Hope that all made sense, and I look forward to hearing from you as to
    how to configure the intended set-up (if possible).

    cheers,
    Dan
     
    Dan Green, Nov 10, 2003
    #1
    1. Advertisements

  2. Dan Green

    Tim Thorne Guest

    You'll need two instances of dynamic NAT to make it work. I'm
    presuming that you intend your email server to send and receive
    traffic on the same IP.
    Tim
     
    Tim Thorne, Nov 10, 2003
    #2
    1. Advertisements

  3. Dan Green

    Dan Green Guest

    Thanks a heap Tim, that works beatifully :)

    Dan
     
    Dan Green, Nov 11, 2003
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.