Linksys to Cisco 1811 Cutover

I'll get to the point. I've got a Linksys ADSL router running our internet connection and doing a port forward for port 25 SMTP traffic to our Exchange server. Before, when we tried to implement this cutover, our incoming e-mail ceased to function. After a specialist looked into it we determined that we only had a single IP address. Well, now that we've got a block of five IP addresses I need to get this router up and running. The MX for our Exchange is already set up on the telco end. Basically what I'm asking is how do I make the traffic destined for the Exchange box route there. Here is my theory on how this is going to work and I'd appreciate any type of feedback I can get. This is the first time I've done this so be gentle. What I'm planning on doing is creating a static route for anything with the address of our MX and sending it to the Exchange server. If the interface on the router has a different IP address, say x.x.x.56, and the MX is x.x.x.57, will the traffic come to the 56 address and get rerouted to the 57 through the router? I'm sure that explanation is clear as mud but I'd appreciate any help I can get on this matter.

 
The router is running NAT on the ADSL connection going out only. There is no firewall on it yet but there will be. I want to get it running before I worry about complicating things. I do have a firewall template already set up that I'm running at another facility. The only difference is the other facility is not running Exchange. I should probably also note that we have not dropped in this router yet. I'm trying to do some advance planning to make the transition smoother and save some time.
 
How can you run NAT only on the outbound?

In any event, if it is functioning as a NAT, then all the IP addresses will be bound to the external interface of the router. Just create static routes for the public IP of your mail server --> internal IP of your mail server (should only need port 25).

I don't see why having only one IP address would have prevented you from doing this initially. More IPs are nice, but you shouldn't have needed them unless you are running two different mail servers. Who was this "specialist"?
 
Not to seem dense here but...

Alright, I've got my external set as x.x.x.66. I own a block of five addresses, let's say 66-71. If my Exchange server's MX is set to 67, it will come to the 66 address no matter what and then I can route it with, say,

ip route x.x.x.67 255.255.255.255 fastether0

To answer your question about the NAT, I've got the internal set as the VLAN interface since that's where I'm hooking to my core switch from. The original plan was to use port forwarding but we were unsure as to how we would set this up. Like I said, I'm new to this.
 
So your Exchange server will have a publicly accessible IP?

If you're not doing NAT and the Exchange server is accessible on the internal interface of your router, all you should need to get it there is ip cef. I'm not a Cisco guru, so you may want someone else to confirm.
 
I don't know the terms half as well as I should like but here goes. The Exchange server has a private IP address. The MX record for our Exchange is a public IP address. I'm trying to figure out, if we have a block of five IP addresses (one for internet, one for Exchange, 3 for expansion) and the router is configured to use the address for internet on its F1 port through a dialer group, will the address for Exchange still route to the router's F1 port as well? If this is the case, can I use a static based on a destination address of the Exchange MX record, and port 25, to route this information to our Exchange server's internal address?

Someone please save my hair as I'm pulling it out by the handful trying to understand this.

I tried looking into CEF but I can't figure out how that would help my current situation. I also looked into the NAT solution but I can't see how address translation is going to get my traffic where it needs to go. This is probably totally backwards but is it possible to take all port 25 traffic at that router, NAT it to something bogus, then static route it to the desired destination?
 
Situation 1 - No NAT:

Router receives packets destined for .67. It routes them to the fastethernet interface. These packets still have the same ip header - the destination ip - your .67 public ip address. If the fastethernet interface of the router doesn't connect to a system / switch where that public ip resides or to another router that will accept it, it will die.

Options:

Connect the internal interface of the router to a switch where the only devices connected are those with public IP addresses. You could have your exchange server, a public web server and a web proxy server with their respective public IPs. Creating static routes on the router would be unnecessary because CEF will automatically detect that it is adjacent to the endpoints and dynamically create them.

Situation 2 - NAT:

I haven't had any experience with cisco routers & nat, but the gist of it is that all of your public ips would be assigned to the external interface of the router - it would accept all traffic destined for those 5 addresses and based on ACLs would forward traffic to your servers (nat'ing to your internal ips).

I'm not 100% sure on all of this; I don't work with cisco equipment much - I could be wrong.
 
I think I get it now. If I've got this thing set up right I shouldn't run into any problems. Guess I'll find out in about a week when I put it in, won't I? I appreciate all your help and persistence in trying to pound what should probably be a somewhat simple concept into my head.
 
The Cisco 1841 router has an excellent firewall and I would highly recommend setting that up as part of your base configuration. Use the SDM web interface and go through the setup wizards. That will get your basic NATing set up and help you configure VPN access as well. Once you get that done you can set up static NAT translations to map the inside IP of the Exchange server to the outside IP you want, then restrict it to only allow SMTP and/or HTTPS for web mail. If you use the SDM it's really quite simple to set it up.
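
The static NAT approach recommended in the post above, written out as IOS configuration (an added example, not part of the thread or any poster's configuration). The addresses 203.0.113.66/67 and 192.168.1.10, the interfaces Dialer0 and Vlan1, and the names OUTSIDE-IN and FW are assumptions, and it assumes the provider delivers the whole address block to the router's outside interface.

```cisco
! Added example; constructed values, not taken from the thread:
!   203.0.113.66 = router's own public address (negotiated on Dialer0)
!   203.0.113.67 = public address the MX record points to
!   192.168.1.10 = Exchange server, Dialer0 = outside, Vlan1 = inside
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect FW out
!
! Outbound: all internal hosts share the Dialer0 address (PAT)
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload
!
! Inbound: only TCP/25 (and TCP/443 for web mail) on the MX address
! is translated to the Exchange server; no static route is involved
ip nat inside source static tcp 192.168.1.10 25 203.0.113.67 25 extendable
ip nat inside source static tcp 192.168.1.10 443 203.0.113.67 443 extendable
!
! The inbound ACL is evaluated before NAT, so it matches the public address
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.67 eq 25
 permit tcp any host 203.0.113.67 eq 443
 deny ip any any log
!
! Stateful inspection opens return paths for sessions started from inside,
! so the final deny does not break outbound browsing or outbound mail
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
! Verify after a test delivery with: show ip nat translations
```

With port-specific static entries, mail the Exchange server sends out still leaves from the Dialer0 address through PAT, not from the MX address, which matters if reverse DNS or SPF records name only the MX address.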
 
Does anyone know what the Cisco equivalent would be for UPnP forwarding on a Linksys router? If so, does anyone know how to set this up?
 