Hi,
We have a Windows Server for SBS 2003 and a Cisco 837 router with the following config:
Current configuration : 5433 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname FNN1610037615
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
logging buffered 51200 warnings
!
username victor privilege 15 password 7 104D1F012816155F5E036F
username surespek privilege 15 password 7 02301475531C5A26
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
!
!
!
ip domain name surespek.net.au
ip name-server 139.130.4.4
ip inspect name CBAC ftp
ip inspect name CBAC http
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC smtp
ip inspect name CBAC fragment maximum 256 timeout 1
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPNusers
 key 21sure05spek04
 dns 192.168.1.5
 domain surespek.net.au
 pool VPNPool
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Ethernet0
 description LAN
 ip address 192.168.1.3 255.255.255.0
 ip nat inside
 ip inspect CBAC in
 ip virtual-reassembly
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt
 pvc 1/34
  ubr 384
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer1
 description Internet Network
 ip address negotiated
 ip access-group ACL-Outside in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname 01610037615C@wAMNET
 ppp chap password 7 000A455F3752282E15
 crypto map clientmap
!
ip local pool VPNPool 10.10.10.10 10.10.10.20
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map nonat interface Dialer1 overload
ip nat inside source static tcp 192.168.1.230 25 203.153.229.11 25 extendable
ip nat inside source static tcp 192.168.1.5 80 203.153.229.11 80 extendable
ip nat inside source static tcp 192.168.1.5 110 203.153.229.11 110 extendable
ip nat inside source static tcp 192.168.1.5 443 203.153.229.11 443 extendable
ip nat inside source static tcp 192.168.1.5 3389 203.153.229.11 3389 extendable
!
!
ip access-list extended ACL-Outside
 remark
 remark *** ACL Restricts incoming traffic from external networks
 remark
 remark *** Original ACL by : Adam Hinett ComputerCorp
 remark *** on 21/05/04
 remark
 remark *** VPN Exclusions
 remark
 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
 remark
 remark *** Deny Private Address Ranges
 remark
 deny ip 10.0.0.0 0.255.255.255 any log-input
 deny ip 172.16.0.0 0.15.255.255 any log-input
 deny ip 192.168.0.0 0.0.255.255 any log-input
 remark
 remark *** Deny Invalid and Multicast Ranges
 remark
 deny ip 0.0.0.0 0.255.255.255 any log-input
 deny ip 224.0.0.0 0.255.255.255 any log-input
 deny ip 255.0.0.0 0.255.255.255 any log-input
 remark
 remark *** Permit limited ICMP
 remark
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any unreachable
 remark
 remark *** Permits Mail ***
 remark
 permit tcp any host 203.153.229.11 eq smtp
 permit tcp any host 203.153.229.11 eq www
 permit tcp any host 203.153.229.11 eq 443
 remark
 remark *** Permits DNS ***
 remark
 permit udp any any eq domain
 permit tcp any any eq domain
 remark
 remark *** Permit - VPN
 remark
 permit esp any host 203.153.229.11
 permit ahp any host 203.153.229.11
 permit udp any host 203.153.229.11 eq isakmp
 permit udp any host 203.153.229.11 eq non500-isakmp
 remark
 remark *** Permit ComputerCORP Remote Administration
 remark
 permit tcp 210.10.117.124 0.0.0.1 any eq telnet
 permit tcp 210.10.117.124 0.0.0.1 host 203.153.229.11 eq 3389
 remark
 remark *** Deny the Rest
 remark
 deny ip any any log-input
 remark
access-list 10 permit 210.10.117.125 log
access-list 10 permit 210.10.117.124 log
access-list 10 permit 192.168.1.0 0.0.0.255 log
access-list 10 deny any log
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 130 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 130 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
 match ip address 130
!
!
control-plane
!
!
line con 0
 exec-timeout 2 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 10 in
 exec-timeout 2 0
 privilege level 15
 password 7 095E5B1C09571E061819162F38342D38
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
end
For some reason we cannot access our POP3 email server, and from reading the Cisco config, I would think we need to add the permit statement:
permit tcp any host 203.153.229.11 eq pop3
Could someone inform me if this will solve our problem? If this is all that is required, I have been having trouble trying to add that particular statement. I first enter enable, then config t, and then try to enter the permit statement, but it gives me an error.
I'm relatively new to Cisco stuff, so please, any issues/help is appreciated.
Thanks Simon
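Added example (not part of the original post): a Python check of the reasoning in the question, cross-referencing the static NAT forwards in the posted config against the TCP permit entries of ACL-Outside. The excerpt is copied from the config above; the function names and the port-keyword table are this example's own, and it does not model ACL entry order or wildcard destinations.

```python
import re

# Excerpt copied from the configuration in the post: static NAT forwards and
# the TCP permit entries of ACL-Outside (the rest of the config is omitted).
CONFIG = """\
ip nat inside source static tcp 192.168.1.230 25 203.153.229.11 25 extendable
ip nat inside source static tcp 192.168.1.5 80 203.153.229.11 80 extendable
ip nat inside source static tcp 192.168.1.5 110 203.153.229.11 110 extendable
ip nat inside source static tcp 192.168.1.5 443 203.153.229.11 443 extendable
ip nat inside source static tcp 192.168.1.5 3389 203.153.229.11 3389 extendable
ip access-list extended ACL-Outside
 permit tcp any host 203.153.229.11 eq smtp
 permit tcp any host 203.153.229.11 eq www
 permit tcp any host 203.153.229.11 eq 443
 permit tcp 210.10.117.124 0.0.0.1 any eq telnet
 permit tcp 210.10.117.124 0.0.0.1 host 203.153.229.11 eq 3389
 deny ip any any log-input
"""
# IOS port keywords that appear in this excerpt (plus pop3), as numbers.
PORT_NAMES = {"smtp": 25, "www": 80, "pop3": 110, "telnet": 23, "domain": 53}
NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) \S+ \d+ (\S+) (\d+)")
ACE_RE = re.compile(r"^\s*permit (tcp|udp) (any|host \S+|\S+ \S+) (any|host \S+|\S+ \S+) eq (\S+)")

def to_port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit(config, acl_name):
    """Classify each static NAT forward as open, restricted or blocked by acl_name."""
    forwards, aces, in_acl = [], [], False
    for line in config.splitlines():
        nat = NAT_RE.match(line)
        if nat:
            forwards.append((nat.group(1), nat.group(2), int(nat.group(3))))
        elif line.startswith("ip access-list extended "):
            in_acl = line.split()[-1] == acl_name
        elif not line.startswith(" "):
            in_acl = False  # any other top-level command ends the ACL block
        elif in_acl and (ace := ACE_RE.match(line)):
            aces.append((ace.group(1), ace.group(2), ace.group(3), to_port(ace.group(4))))
    result = {}
    for proto, ip, port in forwards:
        # Sources of permit entries that cover this forwarded protocol/port/address.
        sources = [src for p, src, dst, dport in aces
                   if p == proto and dport == port and dst in ("any", "host " + ip)]
        state = "blocked" if not sources else "open" if "any" in sources else "restricted"
        result[(proto, ip, port)] = state
    return result
if __name__ == "__main__":
    for key, state in audit(CONFIG, "ACL-Outside").items():
        print(*key, state)
```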