Dear List,

    Been reading the list and learning lots of cool things over the past few
months. This is the first time I have posted, and I have some questions
regarding NAT.

    We have a T1 coming into the office on a Cisco 1604 with an internal
serial WIC. All of my internal-to-external NAT translations are working
fine. Where I am running into trouble is doing an external-to-internal
translation for my email server.

    I am trying to understand what exactly the nat commands are doing - I
haven't been able to find real good documentation on the commands. What I
have found on Cisco's site seems pretty basic to me.

    My mail server's internal IP is 172.16.2.4, the external is
216.143.254.250. When I put in this command:

ip nat inside source static 172.16.2.4 216.143.254.250,

everything works well, but it appears that that command opens all ports.
When I remove that command and put in:

ip nat inside source static tcp 172.16.2.4 25 216.143.254.250 25
ip nat inside source static tcp 172.16.2.4 110 216.143.254.250 110,

mail transfers fine, but then I can no longer ping the server externally -
which I would like to be able to do to check for problems at home. The other
problem is, when I have all ports open with the first nat command, my users
can resolve our DNS name to the internal address of 172.16.2.4. When I use
the second commands I listed (effectively closing other ports), the internal
clients resolve the name to the external IP address and are noticeably slower
transferring mail. It's as though it is sending mail over the T1 to the port
on the other side and back to the server.

So my question is this: what series of nat commands (or ACLs) do I use to
effectively close all the unused ports on my internal mail server from the
outside, but still be able to ping remotely and have the internal users
resolve the name to the internal address?

Thanks in advance to all who offer help!

Stephen Hoover
Dallas, Texas

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
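
An added example, not part of the original post and not a reply from the list: one way to get the behaviour asked for is to keep the one-to-one static entry that the post reports as working for ping and internal name resolution, and to restrict ports with an inbound extended ACL on the T1 interface instead of with port-level NAT entries. The interface names Serial0 and Ethernet0 and the ACL number 110 are assumptions; the two addresses are the ones given in the post.

```cisco
! Added example. Assumed names: Serial0 = T1 (outside), Ethernet0 = LAN,
! extended ACL 110 = not already in use on this router.
!
! Keep the one-to-one translation from the post.
ip nat inside source static 172.16.2.4 216.143.254.250
!
! An inbound ACL on the outside interface is evaluated before NAT rewrites
! the destination, so entries match the public address, not 172.16.2.4.
!
! Services published on the mail server: SMTP, POP3, and ping.
access-list 110 permit tcp any host 216.143.254.250 eq smtp
access-list 110 permit tcp any host 216.143.254.250 eq pop3
access-list 110 permit icmp any host 216.143.254.250 echo
!
! Replies to connections the server itself opens (outbound SMTP, DNS).
! "established" only tests the ACK/RST bits and the UDP line trusts the
! source port; both are stateless checks, not connection tracking.
access-list 110 permit tcp any host 216.143.254.250 established
access-list 110 permit udp any eq domain host 216.143.254.250
!
! Everything else addressed to the server is dropped and logged.
access-list 110 deny ip any host 216.143.254.250 log
!
! Traffic to any other address is left exactly as it was before the ACL.
access-list 110 permit ip any any
!
interface Serial0
 ip nat outside
 ip access-group 110 in
!
interface Ethernet0
 ip nat inside
```

`show access-lists 110` shows per-entry match counters, which confirms that the deny line is catching the unwanted ports, and `show ip nat translations` confirms that the static entry is still the one in use.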