Hi,
I have an ASA 5520 as the gateway firewall with the public address of xxx.xxx.xxx.060.
I do a static NAT to a GroupWise mail server with the public address of xxx.xxx.xxx.050 using the following statement:
static (DIA_INSIDE,DIA_OUTSIDE) Groupwise_Pub Groupwise netmask 255.255.255.255
Everything works just fine with this configuration.
I recently purchased a spam firewall for inbound mail filtering. It has the private address of Spamfilter. I use the following port forwarding statement to pass inbound mail through the spam filter.
static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub smtp Spamfilter smtp netmask 255.255.255.255
And the following to allow web access to the real mail server:
static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub https Groupwise https netmask 255.255.255.255
All inbound still works just fine. However, the outbound mail now has the source address of xxx.xxx.xxx.060 rather than xxx.xxx.xxx.050, which it should be. There is no PTR record for xxx.xxx.xxx.060, so most mail providers reject my mail.
The question is: What are the ramifications of changing the physical address of the DIA_OUTSIDE interface from xxx.xxx.xxx.060 to xxx.xxx.xxx.050 and then port forward as needed as this would place the address xxx.xxx.xxx.050 in the mail headers as the source address and resolve the PTR record problem.
Regards,
Glenn Anderson
glennanderson@wcps.org