Set the source IP address of EEM SMTP session

From CT3


By Ivan Pepelnjak

Starting with version 2.1, the Embedded Event Manager (EEM) includes the action mail command, which can send an e-mail from an EEM applet through an external SMTP server. The source address of the SMTP session is set to the IP address of the outgoing interface (the interface through which the SMTP server is reachable) and cannot be changed. This behavior can lead to connectivity issues in designs where the inter-router links use private IP addresses that are not reachable by the SMTP server or where the point-to-point subnets assigned to inter-router links are not advertised by the routing protocols.

If the router has a network-wide routable IP address assigned to one of its loopback interfaces, you could use Network Address Translation (NAT) to set the source IP address of the SMTP session to the IP address of the loopback interface.

The deployment of NAT on core routers could lead to unacceptable performance degradation.

Classic NAT implementation

When using classic NAT (without the NAT Virtual Interface), you have to:

  • Configure an access-list and a route-map that matches SMTP sessions from the router to the SMTP server.
  • Configure a dedicated NAT pool that maps the source address of the SMTP sessions into the IP address of the loopback interface.
  • Configure the interface pointing toward the SMTP server as a NAT outside interface.

By extending the route-map, you could map source addresses of multiple local applications, not just the SMTP sessions, into the IP address of the loopback interface.

Example

A sample router (R1) has a non-routable address (in the 10.0.0.0/8 network) on the Fast Ethernet interface and a routable address (in the 172.16.0.0/16 range) on the Loopback interface. The SMTP server has IP address 172.16.2.3.

interface Loopback0
 ip address 172.16.0.1 255.255.255.255
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.240

To match the SMTP packets sent from the router toward the SMTP server, configure the following access-list:

ip access-list extended LocalSMTP
 permit tcp host 10.0.0.1 host 172.16.2.3 eq smtp

You have to include all non-routable addresses assigned to the router in the access-list.

The access-list is used in a route-map (you have to use a route-map in the ip nat commands to force the router to use extended NAT entries):

route-map LocalPolicy permit 10
 match ip address LocalSMTP

Define a NAT overload pool based on the loopback interface …

ip nat inside source route-map LocalPolicy interface Loopback0 overload

… and configure the Fast Ethernet interface as a NAT outside interface:

interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.240
 ip nat outside

To test the configuration, create a simple EEM applet …

event manager applet mail
 event none
 action 1.0 mail server 172.16.2.3 to test@example.com from R1@example.com subject "test"

… and run it with the event manager run mail command.
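
The requirement that the access-list include every non-routable address assigned to the router can be checked mechanically against a saved configuration. The following Python audit is an added example, not part of the original article: it lists interface addresses inside the non-routable range that no LocalSMTP entry would hand to NAT. The function names, the second interface FastEthernet0/1 in the sample and the 10.0.0.0/8 default are assumptions built on the R1 example above.

```python
import ipaddress
import re

# Constructed sample: the page's R1 plus a hypothetical second non-routable link.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 172.16.0.1 255.255.255.255
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.240
interface FastEthernet0/1
 ip address 10.0.0.17 255.255.255.240
ip access-list extended LocalSMTP
 permit tcp host 10.0.0.1 host 172.16.2.3 eq smtp
"""

def interface_addresses(config):
    """Return (interface, address) pairs from 'ip address A.B.C.D mask' lines."""
    pairs, current = [], None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line: entering or leaving an interface
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
            continue
        m = re.match(r" +ip address (\d+\.\d+\.\d+\.\d+) \d", line)
        if m and current:
            pairs.append((current, ipaddress.ip_address(m.group(1))))
    return pairs

def acl_sources(config, acl, server):
    """Return (base, wildcard) ints for sources the ACL permits to server on TCP/25."""
    rule = re.compile(r" +permit tcp (?:host (\S+)|(any)|(\S+) (\S+)) host "
                      + re.escape(server) + r" eq (?:smtp|25)\s*$")
    sources, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):
            inside = line.strip() == "ip access-list extended " + acl
            continue
        m = rule.match(line) if inside else None
        if m:
            host, any_, base, wild = m.groups()
            if host or any_:  # 'host A' is A 0.0.0.0; 'any' is 0.0.0.0 255.255.255.255
                base, wild = (host, "0.0.0.0") if host else ("0.0.0.0", "255.255.255.255")
            sources.append((int(ipaddress.ip_address(base)), int(ipaddress.ip_address(wild))))
    return sources

def uncovered(config, acl="LocalSMTP", server="172.16.2.3", nonroutable="10.0.0.0/8"):
    """List non-routable interface addresses that no ACL entry would send through NAT."""
    net, sources = ipaddress.ip_network(nonroutable), acl_sources(config, acl, server)
    return [(name, str(ip)) for name, ip in interface_addresses(config)
            if ip in net and not any(((int(ip) ^ b) & ~w & 0xFFFFFFFF) == 0 for b, w in sources)]
```

Calling uncovered(SAMPLE_CONFIG) reports FastEthernet0/1, whose SMTP sessions would leave with an untranslated 10.0.0.17 source. Only named extended ACL entries with destination "host <server>" and "eq smtp" or "eq 25" are recognised.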
