Cisco 851 router not allowing send mail...
TFC
appreciated - I'm running out of options.
I setup a Cisco 851w using the SDM gui. I'm not a CCNxxx anything just
a lan admin but I can understand most of it.
All works ok including vpn connections, etc. here's the weird thing.
For inside pc clients on the lan who are not using a mail client like
outlook.....
Some internet mail works ok, some don't. Rogers and yahoo email works
ok.
Gmail, Neomail, hotmail do not. Specifically I can receive mail from
these but I can't send. When trying to send it just just hangs and
times out. And yes, when I bypass the router and go straight thru the
dsl modem all is ok.
I've tried opening up the firewall, wiping out the acls and it still
happens. Its drivin me a bit crazy cause it makes no sense but its
happening. I thought it was the dsl modem. It was changed, no help.
Thought it was firewalls, nope, disabled all of it for testing.
Fact remains that when I take the router out of the loop, all works ok.
Cisco have tried but they can't find it...they say it looks ok. So much
for that.
Anyone have similar?
I've read stuff about the natchi worm mitigation..where's that in the
router?
Could MTU rate change help? Not sure where that's changed...
What else on the router can cause this?
Thanks
TFC
DMc
"TFC" <TFCons...@gmail.com> wrote in message
news:1140406962.0...@z14g2000cwz.googlegroups.com...
Walter Roberson
TFC <TFCons...@gmail.com> wrote:
>I've read stuff about the natchi worm mitigation..where's that in the
>router?
When implemented according to Cisco's instructions, this blocks
ICMP packets of a very specific length.
When implemented with the wrong ACL name, it ends up blocking
-all- packets that happen to be that very specific length. But
when -that- happens, you can still telnet through to an SMTP port
and type in commands manually, unless you happen to hit the magic
packet length. Another way of phrasing this is that if you end up
blocking all packets that are -exactly- that specific packet length,
then you will be able to get part way through the conversations
that fail... and to get all the way through other conversations that use
even one character difference in the line length.
Walter Roberson
>For inside pc clients on the lan who are not using a mail client like
>outlook.....
>Some internet mail works ok, some don't. Rogers and yahoo email works
>ok.
>Gmail, Neomail, hotmail do not. Specifically I can receive mail from
>these but I can't send. When trying to send it just just hangs and
>times out.
>Could MTU rate change help?
Not an MTU -rate- change, as MTU's don't have rates (if they
did, there were probably be an applicable services tax... ;-) )
MTU problems can certainly lead to intermittant results like
what you are seeing, but it is more typical to see the problem when
-receiving- data from those sites than when sending data to them.
But it could happen in either direction.
You mentioned that you tried wiping out the ACLs in both directions.
You might have to specifically permit "icmp unreachable" inward,
if you have ip inspection turned on.
Merv
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a0080146558.html
TFC
Cisco were on the phone with me at the time and they couln't see why
this would happen. So if they can't tell me, then what's a guy to
do??!!! I'm not exactly thrilled with their level of support.
I'm a newbie when it comes to routers of this level. Are you saying
that I would still have to explicedly allow certain things? When I see
this problem happening using i.e. gmail or neomail, the iexplorer
message says i.e..waiting for mail.gmail.com and doesn't move from
there.
Isn't the MTU set at a default rate something like 1472 and it can be
tweaked? I've changed this with other routers like a linksys...
I still don't get it how just sending email using web mail can hang.
What is it that the router doesn't like here?
Will check out icmp stuff . thanks.