Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: problem with overloading

problem with overloading 7 years 5 months ago #30730

  • dmourghen
  • dmourghen's Avatar
  • Offline
  • New Member
  • Posts: 7
  • Karma: 0
access-list 2 permit any

ip nat pool ToInternet xx.xxx.xxx.xxx xxx.xxx.xxx.xxxnetmask 255.255.255.248

ip nat inside source list 2 pool ToInternet overload

ip nat inside source static tcp xx.xx.xx.199 25 xx.xx.xx.xx 25

ip nat inside source static tcp xx.xx.xx.12 80 xx.xx.xx.xx 80

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 110. Blackberry Access

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 1352. Lotus Monitoring Tool

My problem is that it works and then after sometimes It stops to send mails but I do receive my mails. Furthermore I need to clear my ip nat translations to receive again.

Thanks to advise.
The administrator has disabled public write access.

Re: problem with overloading 7 years 5 months ago #30744

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
In the last two lines,

[code:1]ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 110. Blackberry Access

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 1352. Lotus Monitoring Tool [/code:1]

You are mapping both global ports 1352 and 110 to the same port 110 to what appears to be the same IP xx.xx.xx.12. Are you sure this is not a typo or is this meant?

For your problem with mail. I'd try to isolate the problem by simplifying the config. You could temporarily delete those lines:

[code:1]ip nat inside source static tcp xx.xx.xx.12 80 xx.xx.xx.xx 80

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 110. Blackberry Access

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 1352. Lotus Monitoring Tool [/code:1]

See if the problem comes again. If it doesn't, you could add the other commands one by one until you catch the problem again.

ps. It would help if you post your whole config.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Full configs 7 years 5 months ago #30767

  • dmourghen
  • dmourghen's Avatar
  • Offline
  • New Member
  • Posts: 7
  • Karma: 0
Building configuration...

Current configuration : 1837 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtcisco
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 xhgghjgyhghjghjghjg
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host cisco 11.1.1.51 cisco enable
ip rcmd remote-host cisco 11.1.2.51 cisco enable
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.10 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.50.170 255.255.255.252
ip nat outside
encapsulation frame-relay IETF
frame-relay interfac
frame-relay lmi-type q933a
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.50.169
ip route 11.1.1.0 255.255.255.0 192.168.2.1
ip route 11.1.2.0 255.255.255.0 192.168.2.1
!
no ip http server
ip nat pool ToInternet 198.30.63.64 198.30.63.64 netmask 255.255.255.248
ip nat inside source list 2 pool ToInternet overload
ip nat inside source static tcp 192.168.2.199 25 198.30.63.64 25 extendable (Barracuda Anti-Spam Device)
ip nat inside source static tcp 192.168.2.23 80 198.30.63.64 80 extendable (For Web Mail Access)
ip nat inside source static tcp 192.168.2.23 110 198.30.63.64 110 extendable (For blackberry Access)
ip nat inside source static tcp 192.168.2.23 1352 198.30.63.64 1352 extendable (For Lotus Domino Monitoring)
ip nat inside source static 192.168.2.24 198.30.63.64 (Access Router outside)
!
logging source-interface FastEthernet0/0
logging 11.1.1.31
logging 11.1.2.31
access-list 2 permit any
snmp-server community mimidou RO
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password 7 xhgghjgyhghjghjghjg
login
!
end

Ammar this is the full configs, I am really stuck with that, the mails comes in but does not go out. But when I clear the ip nat it seems to be ok. Our spam is Barracuda.
The administrator has disabled public write access.

Re: problem with overloading 7 years 5 months ago #30768

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Do you still have internet access when the problem happens? I mean can your LAN hosts browse internet normally after the problem occurs?

I'm asking because you have only one public IP (198.30.63.64) for the NAT pool but your using it to do both dynamic NAT and static NAT. Usually, you need at least one additional IP to do static NAT.

Check to see what happens if you remove the following line:

[code:1]ip nat inside source static 192.168.2.24 198.30.63.64[/code:1]
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

No 7 years 5 months ago #30769

  • dmourghen
  • dmourghen's Avatar
  • Offline
  • New Member
  • Posts: 7
  • Karma: 0
Do you still have internet access when the problem happens? I mean can your LAN hosts browse internet normally after the problem occurs?


No we don;t have internet access. and actually it a mail server and the mails does not go out.


I'm asking because you have only one public IP (198.30.63.64) for the NAT pool but your using it to do both dynamic NAT and static NAT. Usually, you need at least one additional IP to do static NAT.



Well we have another addres which is 198.30.63.65 but when we this one as nat pool when people send mails , it prompts that there is no reverse DNS
.



Check to see what happens if you remove the following line:

Nothing happens when I remove the lines. its the same as before.
The administrator has disabled public write access.

Som other info 7 years 5 months ago #30773

  • dmourghen
  • dmourghen's Avatar
  • Offline
  • New Member
  • Posts: 7
  • Karma: 0
I have noted that there is anlot of traffic coming out and port 135 and 445 is highly being used by the router.

the server has symantec and all patch has been applied on the server.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.084 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup