https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481090#M726889 <HTML><HEAD></HEAD><BODY><P>It worked.</P><P></P><P>thank you Bhisham</P></BODY></HTML> Thu, 06 May 2010 23:24:59 GMT zulu-5-2010 2010-05-06T23:24:59Z https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481087#M726886 <P>Ladies and Gents,</P><P></P><P>I have 3 interfaces in my PIX, Inside, Public and DMZ. I have a host (192.168.1.111) in the DMZ that needs to relay mail to a smart host on the internet. However, the smart host only accepts connections from certain addresses. Public interface's address is one of them. So I've set up an ACL, applied it to the interface.</P><P></P><P>access-list DMZ_access_in extended permit tcp host 192.168.1.111 eq smtp object-group smarthostcluster eq smtp</P><P>access-group DMZ_access_in in interface DMZ</P><P></P><P>Now I have to NAT/PAT the traffic, since the smart host only accepts connections from the Public interface.</P><P></P><P>global (Public) 1 interface</P><P>nat (DMZ) 1 192.168.1.111 255.255.255.255</P><P></P><P>However, it still doesn't work. It says connection is refused. So, I wonder if I have missed something. Our main server sends out fine, but the Inside ACL is a lot less restrictive so I really don't know who's at fault, me or the smart host.</P><P></P><P>Regards</P><P>Igs</P> Mon, 11 Mar 2019 17:40:29 GMT https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481087#M726886 zulu-5-2010 2019-03-11T17:40:29Z https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481088#M726887 <HTML><HEAD></HEAD><BODY><P><STRONG>access-list DMZ_access_in extended permit tcp host 192.168.1.111 object-group smarthostcluster eq smtp</STRONG></P><P>access-group DMZ_access_in in interface DMZ</P><P></P><P>Now I have to NAT/PAT the traffic, since the smart host only accepts connections from the Public interface.</P><P></P><P>global (Public) 1 interface</P><P>nat (DMZ) 1 192.168.1.111 255.255.255.255</P><P></P><P></P><P>Try this hope this will work...!</P><P>Thanks/Bhisham</P></BODY></HTML> Tue, 04 May 2010 06:50:55 GMT https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481088#M726887 bhisham84 2010-05-04T06:50:55Z https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481089#M726888 <HTML><HEAD></HEAD><BODY><P>Bhisham, thank you for your help. Greatly appriciated.</P><P>I'll change the line tomorrow, see what happens</P></BODY></HTML> Tue, 04 May 2010 06:55:39 GMT https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481089#M726888 zulu-5-2010 2010-05-04T06:55:39Z https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481090#M726889 <HTML><HEAD></HEAD><BODY><P>It worked.</P><P></P><P>thank you Bhisham</P></BODY></HTML> Thu, 06 May 2010 23:24:59 GMT https://community.cisco.com/t5/network-security/nat-outbound-smtp/m-p/1481090#M726889 zulu-5-2010 2010-05-06T23:24:59Z