Cisco 851 router not allowing send mail...

I am having a hard time with this one so any help is needed and appreciated - I'm running out of options. I set up a Cisco 851w using the SDM GUI. I'm not a CCNxxx anything, just a LAN admin, but I can understand most of it.

All works ok including vpn connections, etc. Here's the weird thing.

For inside pc clients on the LAN who are not using a mail client like Outlook..... Some internet mail works ok, some doesn't. Rogers and Yahoo email works ok. Gmail, Neomail, Hotmail do not. Specifically I can receive mail from these but I can't send. When trying to send it just hangs and times out. And yes, when I bypass the router and go straight thru the dsl modem all is ok. I've tried opening up the firewall, wiping out the acls and it still happens. It's drivin' me a bit crazy 'cause it makes no sense but it's happening. I thought it was the dsl modem. It was changed, no help. Thought it was firewalls, nope, disabled all of it for testing.

Fact remains that when I take the router out of the loop, all works ok. Cisco have tried but they can't find it...they say it looks ok. So much for that. Anyone have similar? I've read stuff about the Nachi worm mitigation..where's that in the router? Could MTU rate change help? Not sure where that's changed... What else on the router can cause this?

Thanks TFC

Reply to
TFC

Post your config

Reply to
DMc

When implemented according to Cisco's instructions, this blocks ICMP packets of a very specific length.

When implemented with the wrong ACL name, it ends up blocking -all- packets that happen to be that very specific length. But when -that- happens, you can still telnet through to an SMTP port and type in commands manually, unless you happen to hit the magic packet length. Another way of phrasing this is that if you end up blocking all packets that are -exactly- that specific packet length, then you will be able to get part way through the conversations that fail... and to get all the way through other conversations that use even one character difference in the line length.

Reply to
Walter Roberson
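
The failure mode described in the post above, modeled as an added example (not part of the thread and not written by any poster): a filter that drops every packet of one exact IP length stalls one session partway while a session differing by one character completes. The 92-byte length, the header sizes and the SMTP lines are constructed assumptions; the thread gives no number.

```python
# Added illustration: a filter that drops every packet of one exact IP length.
IP_HDR = 20       # IPv4 header, no options
TCP_HDR = 20      # TCP header, no options (assumption: no timestamps)
BLOCKED_LEN = 92  # assumed for illustration; the thread gives no number

def packet_len(payload: bytes, tcp_opts: int = 0) -> int:
    """IP total length of one TCP segment carrying `payload`."""
    return IP_HDR + TCP_HDR + tcp_opts + len(payload)

def first_stall(lines, blocked_len=BLOCKED_LEN, tcp_opts=0):
    """Index of the first line whose packet is dropped, or None.

    Retransmissions have the same length, so they are dropped as well
    and the session hangs at that line until it times out.
    """
    for i, line in enumerate(lines):
        if packet_len(line, tcp_opts) == blocked_len:
            return i
    return None

def consistent_length(stalled, passed, tcp_opts=0):
    """The one packet length that explains the observations, or None.

    None means the stalls are not explained by an exact-length filter
    (for example, only large packets fail), so look elsewhere.
    """
    stalled_lens = {packet_len(p, tcp_opts) for p in stalled}
    passed_lens = {packet_len(p, tcp_opts) for p in passed}
    if len(stalled_lens) == 1 and not stalled_lens & passed_lens:
        return next(iter(stalled_lens))
    return None

def rcpt(local: str) -> bytes:
    """Constructed RCPT line; 24 bytes of framing plus the local part."""
    return f"RCPT TO:<{local}@example.com>\r\n".encode()

# Constructed SMTP client lines; the two sessions differ by one character.
HEAD = [b"EHLO client.example\r\n", b"MAIL FROM:<user@example.net>\r\n"]
SESSION_A = HEAD + [rcpt("a" * 28), b"DATA\r\n"]  # RCPT packet is 92 bytes
SESSION_B = HEAD + [rcpt("a" * 27), b"DATA\r\n"]  # RCPT packet is 91 bytes

if __name__ == "__main__":
    print("A stalls at line", first_stall(SESSION_A))
    print("B stalls at line", first_stall(SESSION_B))
    print("inferred length", consistent_length([SESSION_A[2]], SESSION_B))
```

If the lines that stall in a capture do not share one packet length, `consistent_length` returns None and an exact-length filter is not the explanation.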

Not an MTU -rate- change, as MTUs don't have rates (if they did, there would probably be an applicable services tax... ;-) )

MTU problems can certainly lead to intermittent results like what you are seeing, but it is more typical to see the problem when -receiving- data from those sites than when sending data to them. But it could happen in either direction.

You mentioned that you tried wiping out the ACLs in both directions. You might have to specifically permit "icmp unreachable" inward, if you have ip inspection turned on.

Reply to
Walter Roberson

article on IOS firewall stateful inspection of ICMP:


Reply to
Merv

Thanks - At one point we turned off the firewall and deleted the acls. Cisco were on the phone with me at the time and they couldn't see why this would happen. So if they can't tell me, then what's a guy to do??!!! I'm not exactly thrilled with their level of support. I'm a newbie when it comes to routers of this level. Are you saying that I would still have to explicitly allow certain things? When I see this problem happening using i.e. gmail or neomail, the iexplorer message says i.e. waiting for mail.gmail.com and doesn't move from there.

Isn't the MTU set at a default rate something like 1472 and it can be tweaked? I've changed this with other routers like a Linksys...

I still don't get it how just sending email using web mail can hang. What is it that the router doesn't like here? Will check out icmp stuff. Thanks.

Reply to
TFC

Am checking it out. Thanks.

Reply to
TFC
