Set the source IP address of EEM SMTP session

From CT3

By Ivan Pepelnjak

Starting with version 2.1, the Embedded Event Manager (EEM) includes the action mail command, which can send an e-mail from an EEM applet through an external SMTP server. The source address of the SMTP session is set to the IP address of the outgoing interface (the interface through which the SMTP server is reachable) and cannot be changed. This behavior can lead to connectivity issues in designs where the inter-router links use private IP addresses that are not reachable by the SMTP server or where the point-to-point subnets assigned to inter-router links are not advertised by the routing protocols.

If the router has a network-wide routable IP address assigned to one of its loopback interfaces, you could use Network Address Translation (NAT) to set the source IP address of the SMTP session to the IP address of the loopback interface.

The deployment of NAT on core routers could lead to unacceptable performance degradation.

Classic NAT implementation

When using classic NAT (without the NAT Virtual Interface), you have to:

  • Configure an access-list and a route-map that matches SMTP sessions from the router to the SMTP server.
  • Configure a dedicated NAT pool that maps the source address of the SMTP sessions into the IP address of the loopback interface.
  • Configure the interface pointing toward the SMTP server as a NAT outside interface.

By extending the route-map, you could map source addresses of multiple local applications, not just the SMTP sessions, into the IP address of the loopback interface.


A sample router (R1) has a non-routable address (in the network) on the Fast Ethernet interface and a routable address (in the range) on the Loopback interface. The SMTP server has IP address

interface Loopback0
 ip address
interface FastEthernet0/0
 ip address

To match the SMTP packets sent from the router toward the SMTP server, configure the following access-list:

ip access-list extended LocalSMTP
 permit tcp host host eq smtp

You have to include all non-routable addresses assigned to the router in the access-list.

The access-list is used in a route-map (you have to use a route-map in the ip nat commands to force the router to use extended NAT entries):

route-map LocalPolicy permit 10
 match ip address LocalSMTP

Define a NAT overload pool based on the loopback interface …

ip nat inside source route-map LocalPolicy interface Loopback0 overload

… and configure the Fast Ethernet interface as a NAT outside interface:

interface FastEthernet0/0
 ip address
 ip nat outside

To test the configuration, create a simple EEM applet …

event manager applet mail
 event none
 action 1.0 mail server to from subject "test"

… and run it with the event manager run mail command.
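
The requirement that every non-routable router address appears in the access-list is easy to miss when links are added later. The following Python check is an added example, not part of the original article: it parses an IOS configuration and reports interface addresses that the access-list referenced by the NAT route-map does not cover. It assumes "non-routable" means RFC 1918 space; the function names are hypothetical and all addresses in the sample are constructed placeholders.

```python
import ipaddress
import re

# Assumption: "non-routable" is taken to mean RFC 1918 private address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample configuration; every address is a placeholder.
SAMPLE = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat outside
interface Serial0/0
 ip address 10.0.1.1 255.255.255.252
ip access-list extended LocalSMTP
 permit tcp host 10.0.0.1 host 198.51.100.25 eq smtp
route-map LocalPolicy permit 10
 match ip address LocalSMTP
ip nat inside source route-map LocalPolicy interface Loopback0 overload
"""

def sections(config):
    """Group indented IOS sub-commands under their top-level command."""
    out, parent = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and parent:
            out[parent].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            parent = line.strip()
            out.setdefault(parent, [])
    return out

def audit(config):
    """Return findings; an empty list means the NAT pieces line up."""
    sec, findings = sections(config), []
    nat = re.search(r"^ip nat inside source route-map (\S+) interface \S+ overload", config, re.M)
    if not nat:
        return ["no 'ip nat inside source route-map ... overload' statement"]
    acls = re.findall(r"match ip address (\S+)", "\n".join(
        l for h, b in sec.items() if h.startswith(f"route-map {nat.group(1)} ") for l in b))
    covered = re.findall(r"permit tcp host (\S+) host \S+ eq (?:smtp|25)\b", "\n".join(
        l for a in acls for l in sec.get(f"ip access-list extended {a}", [])))
    ifaces = {h: b for h, b in sec.items() if h.startswith("interface ")}
    if not any("ip nat outside" in b for b in ifaces.values()):
        findings.append("no interface is configured with 'ip nat outside'")
    for head, body in ifaces.items():
        for addr in re.findall(r"^ip address (\d\S+) \S+", "\n".join(body), re.M):
            if addr not in covered and any(ipaddress.ip_address(addr) in n for n in RFC1918):
                findings.append(f"{head}: {addr} is not matched by the SMTP access-list")
    return findings
```

On the constructed sample, `audit(SAMPLE)` flags the Serial0/0 address, which has no matching permit line in the access-list.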
