ASA and mail server

ke4clu — Mon, 11 Mar 2019 09:58:40 GMT

Hi,

I have an ASA 5520 as the gateway firewall with the public address of xxx.xxx.xxx.060.

I do a static NAT to a GroupWise mail server with the public address of xxx.xxx.xxx.050

Using the following statement: static (DIA_INSIDE,DIA_OUTSIDE) Groupwise_Pub Groupwise netmask 255.255.255.255. Everything works just fine with this configuration.

I recently purchased a spam firewall for inbound mail filtering. It has the private address of Spamfilter. I use the following port forwarding statement to pass inbound mail through the spam filter.

static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub smtp Spamfilter smtp netmask 255.255.255.255

And this following to allow web access to the real mail server.

static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub https Groupwise https netmask 255.255.255.255

All inbound still works just fine. However, the outbound mail now has the source address of xxx.xxx.xxx.060 rather that xxx.xxx.xxx.050 which it should be. There is no PTR record for xxx.xxx.xxx.060 so most mail providers rejects my mail.

The question is: What are the ramifications of changing the physical address of the DIA_OUTSIDE interface from xxx.xxx.xxx.060 to xxx.xxx.xxx.050 and then port forward as needed as this would place the address xxx.xxx.xxx.050 in the mail headers as the source address and resolve the PTR record problem.

Regards,

Glenn Anderson

glennanderson@wcps.org

Re: ASA and mail server

bwilmoth — Mon, 16 Apr 2007 17:58:31 GMT

This sample configuration demonstrates how to set up the PIX Firewall for access to a mail server located on the Demilitarized Zone (DMZ) network.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml

topic Re: ASA and mail server in Network Security

ASA and mail server

Re: ASA and mail server