Skip to main content

problem with overloading

More
15 years 3 weeks ago #30730 by dmourghen
access-list 2 permit any

ip nat pool ToInternet xx.xxx.xxx.xxx xxx.xxx.xxx.xxxnetmask 255.255.255.248

ip nat inside source list 2 pool ToInternet overload

ip nat inside source static tcp xx.xx.xx.199 25 xx.xx.xx.xx 25

ip nat inside source static tcp xx.xx.xx.12 80 xx.xx.xx.xx 80

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 110. Blackberry Access

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 1352. Lotus Monitoring Tool

My problem is that it works and then after sometimes It stops to send mails but I do receive my mails. Furthermore I need to clear my ip nat translations to receive again.

Thanks to advise.
More
15 years 3 weeks ago #30744 by S0lo
Replied by S0lo on topic Re: problem with overloading
In the last two lines,

[code:1]ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 110. Blackberry Access

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 1352. Lotus Monitoring Tool [/code:1]

You are mapping both global ports 1352 and 110 to the same port 110 to what appears to be the same IP xx.xx.xx.12. Are you sure this is not a typo or is this meant?

For your problem with mail. I'd try to isolate the problem by simplifying the config. You could temporarily delete those lines:

[code:1]ip nat inside source static tcp xx.xx.xx.12 80 xx.xx.xx.xx 80

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 110. Blackberry Access

ip nat inside source static tcp xx.xx.xx.12 110 xx.xx.xx.xx 1352. Lotus Monitoring Tool [/code:1]

See if the problem comes again. If it doesn't, you could add the other commands one by one until you catch the problem again.

ps. It would help if you post your whole config.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
More
15 years 3 weeks ago #30767 by dmourghen
Replied by dmourghen on topic Full configs
Building configuration...

Current configuration : 1837 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtcisco
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 xhgghjgyhghjghjghjg
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host cisco 11.1.1.51 cisco enable
ip rcmd remote-host cisco 11.1.2.51 cisco enable
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.10 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.50.170 255.255.255.252
ip nat outside
encapsulation frame-relay IETF
frame-relay interfac
frame-relay lmi-type q933a
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.50.169
ip route 11.1.1.0 255.255.255.0 192.168.2.1
ip route 11.1.2.0 255.255.255.0 192.168.2.1
!
no ip http server
ip nat pool ToInternet 198.30.63.64 198.30.63.64 netmask 255.255.255.248
ip nat inside source list 2 pool ToInternet overload
ip nat inside source static tcp 192.168.2.199 25 198.30.63.64 25 extendable (Barracuda Anti-Spam Device)
ip nat inside source static tcp 192.168.2.23 80 198.30.63.64 80 extendable (For Web Mail Access)
ip nat inside source static tcp 192.168.2.23 110 198.30.63.64 110 extendable (For blackberry Access)
ip nat inside source static tcp 192.168.2.23 1352 198.30.63.64 1352 extendable (For Lotus Domino Monitoring)
ip nat inside source static 192.168.2.24 198.30.63.64 (Access Router outside)
!
logging source-interface FastEthernet0/0
logging 11.1.1.31
logging 11.1.2.31
access-list 2 permit any
snmp-server community mimidou RO
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password 7 xhgghjgyhghjghjghjg
login
!
end

Ammar this is the full configs, I am really stuck with that, the mails comes in but does not go out. But when I clear the ip nat it seems to be ok. Our spam is Barracuda.
More
15 years 3 weeks ago #30768 by S0lo
Replied by S0lo on topic Re: problem with overloading
Do you still have internet access when the problem happens? I mean can your LAN hosts browse internet normally after the problem occurs?

I'm asking because you have only one public IP (198.30.63.64) for the NAT pool but your using it to do both dynamic NAT and static NAT. Usually, you need at least one additional IP to do static NAT.

Check to see what happens if you remove the following line:

[code:1]ip nat inside source static 192.168.2.24 198.30.63.64[/code:1]

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
More
15 years 2 weeks ago #30769 by dmourghen
Replied by dmourghen on topic No
Do you still have internet access when the problem happens? I mean can your LAN hosts browse internet normally after the problem occurs?


No we don;t have internet access. and actually it a mail server and the mails does not go out.


I'm asking because you have only one public IP (198.30.63.64) for the NAT pool but your using it to do both dynamic NAT and static NAT. Usually, you need at least one additional IP to do static NAT.



Well we have another addres which is 198.30.63.65 but when we this one as nat pool when people send mails , it prompts that there is no reverse DNS
.



Check to see what happens if you remove the following line:

Nothing happens when I remove the lines. its the same as before.
More
15 years 2 weeks ago #30773 by dmourghen
Replied by dmourghen on topic Som other info
I have noted that there is anlot of traffic coming out and port 135 and 445 is highly being used by the router.

the server has symantec and all patch has been applied on the server.
Time to create page: 0.214 seconds