https://community.cisco.com/t5/network-security/nat-question-faking-dynamic-but-only-allow-incoming-to-1-host/m-p/1488575#M701459 <P>I have 1 external IP address that is used for incomming mail.&nbsp; That address is pointed via static to my Barracuda web filter.&nbsp; My xchange server falls under the standard dynamic nat policy.&nbsp; One some domains I have been getting NDR bounce backs because the source IP address does not mach my MX record address (reverse dns).</P><P></P><P>IE..</P><P></P><P>123.123.123.123 is the external IP address for my internal host 172.16.1.1&nbsp; (my barracuda)</P><P>123.123.123.223 is the external IP address for my internal dynamic nat.&nbsp; (so all other hosts appear under this address, which includes my exchage server).</P><P></P><P>Is it possible to mask / fake so that my exchange server appears to have the same external address as my barracuda to prevent these NDR reverse dns issues?&nbsp; However I do not want anything that goes to 123.123.123.123 to go directly to the exchange server.</P> Mon, 11 Mar 2019 17:41:11 GMT ksuchewie 2019-03-11T17:41:11Z https://community.cisco.com/t5/network-security/nat-question-faking-dynamic-but-only-allow-incoming-to-1-host/m-p/1488575#M701459 <P>I have 1 external IP address that is used for incomming mail.&nbsp; That address is pointed via static to my Barracuda web filter.&nbsp; My xchange server falls under the standard dynamic nat policy.&nbsp; One some domains I have been getting NDR bounce backs because the source IP address does not mach my MX record address (reverse dns).</P><P></P><P>IE..</P><P></P><P>123.123.123.123 is the external IP address for my internal host 172.16.1.1&nbsp; (my barracuda)</P><P>123.123.123.223 is the external IP address for my internal dynamic nat.&nbsp; (so all other hosts appear under this address, which includes my exchage server).</P><P></P><P>Is it possible to mask / fake so that my exchange server appears to have the same external address as my barracuda to prevent these NDR reverse dns issues?&nbsp; However I do not want anything that goes to 123.123.123.123 to go directly to the exchange server.</P> Mon, 11 Mar 2019 17:41:11 GMT https://community.cisco.com/t5/network-security/nat-question-faking-dynamic-but-only-allow-incoming-to-1-host/m-p/1488575#M701459 ksuchewie 2019-03-11T17:41:11Z https://community.cisco.com/t5/network-security/nat-question-faking-dynamic-but-only-allow-incoming-to-1-host/m-p/1488576#M701470 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I assume that we have the following configuration:</P><P></P><P>static (inside,outside) 123.123.123.123 172.16.1.1</P><P>global (outside) 1 123.123.123.223</P><P>nat (inside) 1 0 0</P><P></P><P>Try the following:</P><P></P><P>no static (inside,outside) 123.123.123.123 172.16.1.1</P><P>static (inside,outside) tcp 123.123.123.123 25 172.16.1.1 25</P><P>no global (outside) 1 123.123.123.223</P><P>global (outside) 1 123.123.123.123</P><P></P><P>clear xlate</P><P>clear local</P><P></P><P>Let me know if that resolves the issue.</P><P></P><P></P><P>HTH</P><P></P><P>Ashu.</P></BODY></HTML> Wed, 05 May 2010 14:02:55 GMT https://community.cisco.com/t5/network-security/nat-question-faking-dynamic-but-only-allow-incoming-to-1-host/m-p/1488576#M701470 astripat 2010-05-05T14:02:55Z https://community.cisco.com/t5/network-security/nat-question-faking-dynamic-but-only-allow-incoming-to-1-host/m-p/1488577#M701481 <HTML><HEAD></HEAD><BODY><P>You should not do that as if the exchange server gets hit with a virus or mass mailing bot you will get on the SPAM list and could have issues with the server.&nbsp; You should point your exchange server at the Barracuda as an SMTP smarthost and have it scan outbound.</P></BODY></HTML> Thu, 06 May 2010 03:13:37 GMT https://community.cisco.com/t5/network-security/nat-question-faking-dynamic-but-only-allow-incoming-to-1-host/m-p/1488577#M701481 bob.bartlett 2010-05-06T03:13:37Z