Dears,

I have emails server server 10.10.10.249 hosted on-premise  with public address NATed at ASA outside interface and recently installed application which require to allow a set of IPs to access the server the IPs are :-

74.201.84.80 

74.201.152.59

74.201.154.214 

165.254.168.201 

I'm sure the server can reach all services outside but what shall I do?? 

The ASA Configuration 

=========================================================================================================

interface GigabitEthernet0/0

 nameif outside

 security-level 0

 ip address 82.X.x.x 255.255.255.252

!

interface GigabitEthernet0/1

 nameif inside

 security-level 100

 ip address 10.10.10.2 255.255.255.0

access-list 120 extended permit ip 10.10.10.0 255.255.255.0 any

access-list 120 extended permit ip 10.10.11.0 255.255.255.0 any

access-list 120 extended permit ip 10.10.12.0 255.255.255.0 any

access-list 140 extended permit tcp any interface outside eq telnet

access-list 140 extended permit tcp any interface outside eq imap4

access-list 140 extended permit tcp any interface outside eq https

access-list 140 extended permit tcp any interface outside eq smtp

access-list 140 extended permit tcp any interface outside eq pop3

access-list 133 extended permit icmp any any

access-list no_nat extended permit ip 10.10.20.0 255.255.255.0 any

access-list no_nat extended permit ip any 10.10.20.0 255.255.255.0

access-list SMTP_Restrict extended permit tcp host 10.10.10.249 any eq smtp

access-list SMTP_Restrict extended deny tcp any any eq smtp

access-list SMTP_Restrict extended permit ip any any

nat (inside) 0 access-list no_nat

nat (inside) 1 access-list 120

static (inside,outside) tcp interface smtp 10.10.10.249 smtp netmask 255.255.255           .255

static (inside,outside) tcp interface https 10.10.10.249 https netmask 255.255.2           55.255

static (inside,outside) tcp interface pop3 10.10.10.249 pop3 netmask 255.255.255           .255

static (inside,outside) tcp interface imap4 10.10.10.249 imap4 netmask 255.255.2           55.255

static (inside,outside) tcp interface telnet 10.10.10.1 telnet netmask 255.255.2           55.255

access-group 140 in interface outside

access-group SMTP_Restrict in interface inside

route outside 0.0.0.0 0.0.0.0 82.147.202.137 1

route inside 10.10.11.0 255.255.255.0 10.10.10.1 1

route inside 10.10.12.0 255.255.255.0 10.10.10.1 1

============================================================================================================================

I think this rows should be omitted to resolve the issue

nat (inside) 0 access-list no_nat
access-list no_nat extended permit ip 10.10.20.0 255.255.255.0 any
access-list no_nat extended permit ip any 10.10.20.0 255.255.255.0