https://community.cisco.com/t5/network-security/outbound-nat-on-asa/m-p/2246076#M346765 <HTML><HEAD></HEAD><BODY><P>Thanks Jouni, you're allways right. Godfather of NAT <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Tue, 09 Jul 2013 19:11:23 GMT Patrick Werner 2013-07-09T19:11:23Z https://community.cisco.com/t5/network-security/outbound-nat-on-asa/m-p/2246074#M346762 <P>Hello Community.</P><P></P><P>My inbound smtp NAT works well, but our mail server should have the same IP address on the outside interface as definded in the inbound nat.</P><P>But the smtp server allways got the IP address of the outside interface of our ASA.</P><P></P><P>How do i do outbound nat, my smtp server should have the IP address 217.168.46.155 and not the IP address 217.168.46.154.</P><P></P><P>Relevant config:</P><P></P><P>interface Vlan10</P><P>nameif inside</P><P>security-level 100</P><P>ip address 192.168.1.200 255.255.255.0</P><P></P><P>interface Vlan99</P><P>nameif outside</P><P>security-level 0</P><P>ip address 217.168.46.154 255.255.255.248</P><P></P><P>object network Z1_SMTP</P><P>host 192.168.1.9</P><P>description NAT Z1 SMTP</P><P></P><P>object-group service Z1SecureMailPorts</P><P>description Z1 Secure Mail Ports</P><P>service-object tcp destination eq smtp</P><P></P><P>access-list outside_access_in extended permit object-group Z1SecureMailPorts any host 192.168.1.9 log</P><P></P><P>object network Z1_SMTP</P><P>nat (inside,outside) static 217.168.46.155 service tcp smtp smtp</P><P></P><P>nat (inside,outside) after-auto source dynamic 192.168.1.0_24 interface</P><P>nat (guest,outside) after-auto source dynamic 172.16.20.0_24 interface</P><P></P><P>Kind regards</P> Tue, 12 Mar 2019 02:09:27 GMT https://community.cisco.com/t5/network-security/outbound-nat-on-asa/m-p/2246074#M346762 Patrick Werner 2019-03-12T02:09:27Z https://community.cisco.com/t5/network-security/outbound-nat-on-asa/m-p/2246075#M346763 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Try adding this configuration</P><P></P><P><STRONG>object network MAIL-SERVER-SOURCE</STRONG></P><P><STRONG> host 192.168.1.9</STRONG></P><P></P><P><STRONG>object network MAIL-SERVER-PAT</STRONG></P><P><STRONG> host 217.168.46.155</STRONG></P><P></P><P><STRONG>nat (inside,outside) after-auto <SPAN style="color: #ff0000;">1</SPAN> source dynamic MAIL-SERVER-SOURCE MAIL-SERVER-PAT</STRONG></P><P></P><P>The above configurations should make it so that the mail server would use the public IP address of 217.168.46.155 as the Dynamic PAT address when it initiates outbound connections through the ASA</P><P></P><P>The key thing to notice in the <STRONG>"nat"</STRONG> command is that we enter the number that states that it should be at the top of the Section 3 NAT configurations (the configurations using <STRONG>"after-auto"</STRONG> parameter)</P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P>Please do remember to mark a reply as the correct answer if it answered your question.</P><P></P><P>Feel free to ask more if needed</P><P></P><P>- Jouni</P></BODY></HTML> Tue, 09 Jul 2013 09:51:53 GMT https://community.cisco.com/t5/network-security/outbound-nat-on-asa/m-p/2246075#M346763 Jouni Forss 2013-07-09T09:51:53Z https://community.cisco.com/t5/network-security/outbound-nat-on-asa/m-p/2246076#M346765 <HTML><HEAD></HEAD><BODY><P>Thanks Jouni, you're allways right. Godfather of NAT <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Tue, 09 Jul 2013 19:11:23 GMT https://community.cisco.com/t5/network-security/outbound-nat-on-asa/m-p/2246076#M346765 Patrick Werner 2013-07-09T19:11:23Z