ASA 8.6 and NAT

bodo.kaiser
Level 1

Hey,

In the LAN I have a mail server! No mail comes in from the Internet!

What is wrong?

object network srv-ex

host 10.104.1.9

object service mail-serv

service tcp source eq smtp destination eq smtp

nat (inside,outside) source static any any destination static srv-ex srv-ex service mail-serv mail-serv

access-list outside_access_in extended permit tcp any 10.104.1.9 255.255.255.255 eq smtp

Thanks

10 Replies

Julio Carvajal
VIP Alumni

Hello Bodo,

object service mail-serv

service tcp source eq smtp destination eq smtp

Change the object to source

object service mail-serv

service tcp source eq smtp

Remember to rate all the helpful posts,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hey,

I have changed it to:

object service mail-serv

service tcp source eq smtp

Nothing works!

Jennifer Halim
Cisco Employee

The NAT is incorrect.

It should be:

object network srv-ex

  host 10.104.1.9

  nat (inside,outside) static service tcp 25 25

Hey,

I configured this, and then this came up:

ERROR: Address xxx.xxx.xxx.xxx overlaps with outside interface address.

ERROR: NAT Policy is not downloaded

What is that?

Try this:

object network srv-ex

host 10.104.1.9

object service mail-serv

service tcp destination eq 25

nat (outside,inside) source static any any destination static interface srv-ex service mail-serv mail-serv

access-list outside_access_in extended permit tcp any host 10.104.1.9 eq smtp

I am using the outside interface as the public IP for the mail server; if you have any other free IP, you can use it.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Can you also give us the output of:

show run interface

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Internet and site-to-site VPN work with the interface!

Hey,

It does not work. This was the config:

object service mail-serv

service tcp destination eq smtp

object network srv-ex

host 10.104.1.9

nat (outside,inside) source static any any destination static interface srv-ex service mail-serv mail-serv

access-list outside_access_in extended permit tcp any host 10.104.1.9 eq smtp

access-group outside_access_in in interface outside

show nat

Manual NAT Policies (Section 1)

1 (inside) to (outside) source dynamic any interface

    translate_hits = 1058, untranslate_hits = 212

2 (inside) to (outside) source static RFC1918 RFC1918   destination static RFC1918 RFC1918 description NAT-Excempt for VPN

    translate_hits = 0, untranslate_hits = 828

3 (outside) to (inside) source static any any   destination static interface srv-ex service mail-serv mail-serv

    translate_hits = 0, untranslate_hits = 0

A telnet from the Internet to port 25 gives nothing!

Hey all,

I have moved the NAT rule from position 3 to 1 and now it works!

Great, it must be hitting your NAT exempt. All the best.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao