06-11-2012 07:19 AM - edited 03-11-2019 04:17 PM
Hi everyone!
We have seen an old thread about this problem that says:
******
The issue here is with the order of NAT rules in the 8.4 version.
A Manual NAT rule takes precedence over Auto NAT (within object group).
So, nat (inside,outside) source dynamic any interface; is taking precedence when going from inside to outside.
*******
Our situation is the same: ASA 8.4(2), and we can't send email with the WAN mail server address.
How can we solve this problem?
See the attached txt file for our NAT configuration for the internal mail server (LAN IP 10.240.2.32, WAN 88.x.x.x).
06-11-2012 09:30 AM
Add rules to your inside access out as well.
06-11-2012 10:20 AM
In the Section 2 table (NAT order of operation), static takes precedence over dynamic NAT:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157
Add a static for your email server.
The following example configures static NAT for the real host 10.1.1.1 on the inside to 2.2.2.2 on the outside using a mapped object.
hostname(config)# object network my-mapped-obj
hostname(config-network-object)# host 10.2.2.2
hostname(config-network-object)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static my-mapped-obj
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_objects.html#wp1106703
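The ordering discussed in this thread (manual NAT before auto NAT, and static before dynamic inside the auto NAT section), modeled as an added example that is not part of the original posts or of Cisco's documentation. It assumes inside-to-outside traffic matched on source address only; `NatRule`, `first_match` and `shadowed_statics` are hypothetical names, and `198.51.100.10` is a constructed stand-in for the masked 88.x.x.x address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:
    section: int   # 1 = manual NAT, 2 = auto (object) NAT
    kind: str      # "static" or "dynamic"
    real: str      # real source network in CIDR form
    mapped: str    # mapped address, or "interface" for PAT
    seq: int = 0   # configured position (used in section 1 only)

def ordered(rules):
    """Return rules in evaluation order: section 1 first, then section 2."""
    def key(r):
        net = ipaddress.ip_network(r.real)
        if r.section == 2:
            # Auto NAT: static before dynamic; then fewer real addresses first,
            # then lower address (Cisco's documented tie-break, not in the thread).
            return (2, 0 if r.kind == "static" else 1,
                    net.num_addresses, int(net.network_address))
        return (r.section, r.seq, 0, 0)
    return sorted(rules, key=key)

def first_match(rules, src_ip):
    """First rule, in evaluation order, whose real network contains src_ip."""
    ip = ipaddress.ip_address(src_ip)
    for r in ordered(rules):
        if ip in ipaddress.ip_network(r.real):
            return r
    return None

def shadowed_statics(rules):
    """Auto NAT statics whose real host is translated by an earlier rule."""
    found = []
    for r in rules:
        if r.section == 2 and r.kind == "static":
            host = str(ipaddress.ip_network(r.real).network_address)
            winner = first_match(rules, host)
            if winner is not r:
                found.append((r, winner))
    return found

MAIL_WAN = "198.51.100.10"  # constructed placeholder for 88.x.x.x
# Constructed rule sets: manual dynamic PAT plus object static, then both as auto NAT.
BROKEN = [NatRule(1, "dynamic", "0.0.0.0/0", "interface", seq=1),
          NatRule(2, "static", "10.240.2.32/32", MAIL_WAN)]
FIXED = [NatRule(2, "dynamic", "0.0.0.0/0", "interface"),
         NatRule(2, "static", "10.240.2.32/32", MAIL_WAN)]
```

With `BROKEN`, the mail server's outbound traffic is translated to the interface address because the manual rule is evaluated first; with `FIXED`, the static rule wins and other hosts still use interface PAT.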
06-12-2012 04:22 AM
Hi
You may check with this single NAT statement (instead of port-forwarding) since ports can be managed by applied ACL.
object network hst-10.240.2.32
host 10.240.2.32
description mailserver Host Object
nat (inside,outside) static 88.x.x.x
Note: Remove the earlier configured NAT statements before using this.
11-20-2012 05:24 AM
Thanks to everyone!