https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513949#M635494 <HTML><HEAD></HEAD><BODY><P>Syed,</P><P></P><P>Should I remove the current static nat and then apply yours and test the status?</P></BODY></HTML> Thu, 04 Nov 2010 07:37:46 GMT arumugasamy 2010-11-04T07:37:46Z https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513947#M635492 <P>Pros,</P><P>ASA firewall with 3 zones inside,outside,dmz are configured. The front end email server in dmz was natted to the public IP (static NAT) and MX&nbsp; record also updated.</P><P>The firewall outside IP is x.x.x.171 (Public)</P><P>Email Nated IP address x.x.x.170 (Public)</P><P>show xlate shows <STRONG>global x.x.x.170 local y.y.y.12</STRONG></P><P>y.y.y.12 is email front end server in dmz.</P><P><STRONG>nat(dmz) 1 0.0.0.0</STRONG></P><P><STRONG>global (ouside) 1 interface</STRONG></P><P><STRONG>static (dmz,outside) x.x.x.170 y.y.y.12 netmask 255.255.255.25</STRONG>5.</P><P>ACL applied in outside with required ports are opened.</P><P></P><P>The issue is that the user get the email and the header shows that it received with <STRONG>public IP x.x.x.171</STRONG> of firewall outside interface instead of the MX record <STRONG>IP of x.x.x.170</STRONG>.</P><P></P><P>How can we solve this issue.</P><P></P><P>sami</P> Mon, 11 Mar 2019 19:04:34 GMT https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513947#M635492 arumugasamy 2019-03-11T19:04:34Z https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513948#M635493 <HTML><HEAD></HEAD><BODY><P>Hi Sami,</P><P></P><P>It looks like the issue of Source NAT vs Destination NAT. You have not mentioned the version of your software.</P><P></P><P>Adding the following line should fix this for you.</P><P></P><P>static (outside,dmz) y.y.y.12 x.x.x.170 netmask 255.255.255.255</P><P></P><P>Cheers,</P><P></P><P></P><P>Mubarak</P></BODY></HTML> Thu, 04 Nov 2010 05:46:40 GMT https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513948#M635493 syedmubarakahmed 2010-11-04T05:46:40Z https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513949#M635494 <HTML><HEAD></HEAD><BODY><P>Syed,</P><P></P><P>Should I remove the current static nat and then apply yours and test the status?</P></BODY></HTML> Thu, 04 Nov 2010 07:37:46 GMT https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513949#M635494 arumugasamy 2010-11-04T07:37:46Z https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513950#M635495 <HTML><HEAD></HEAD><BODY><P>No don't remove existing NAT. Add this one as well.</P></BODY></HTML> Thu, 04 Nov 2010 08:45:01 GMT https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513950#M635495 syedmubarakahmed 2010-11-04T08:45:01Z https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513951#M635496 <HTML><HEAD></HEAD><BODY><P>Syed, this is incorrect, you shouldn't need to add the following line:</P><P>static (outside,dmz) y.y.y.12 x.x.x.170 netmask 255.255.255.255</P><P></P><P>Arumugasamy, the existing static NAT statement is already sufficient:</P><P><STRONG>static (dmz,outside) x.x.x.170 y.y.y.12 netmask 255.255.255.25</STRONG>5</P><P></P><P>Please kindly perform a "clear xlate" to clear existing connection. You might be using the .171 earlier before configuring the static NAT statement therefore it still uses .171 for outbound mail (as you have nat/global pair statements) for outbound traffic.</P></BODY></HTML> Thu, 04 Nov 2010 10:45:16 GMT https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513951#M635496 Jennifer Halim 2010-11-04T10:45:16Z https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513952#M635497 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You can try creating a more specific NAT to achieve this for outbound traffic.</P><P></P><P><STRONG>nat(dmz) 2 </STRONG><STRONG>y.y.y.12 255.255.255.255<BR /></STRONG></P><P><STRONG>global (ouside) 2 </STRONG><STRONG>x.x.x.170 netmask 255.255.255.255</STRONG></P><P></P><P>Thanks,</P></BODY></HTML> Wed, 16 Feb 2011 04:16:01 GMT https://community.cisco.com/t5/network-security/asa-static-nat-issue/m-p/1513952#M635497 syedmubarakahmed 2011-02-16T04:16:01Z