Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
594
Views
0
Helpful
3
Replies

ASA: inside smtp service known as a different IP from the one binding to the outside interface

chenbc
Level 1
Level 1

‎03-26-2011 08:56 PM - edited ‎03-11-2019 01:13 PM

Hello all,

Our ASA has inside IP: A.A.A.A, outside IP: B.B.B.B

and we want to make smtp servers at inside network: A.A.A.C, which sending mails through a different outside IP: B.B.B.D

Thus the other mail servers would treat these mails from A.A.A.C as B.B.B.D sent.

How would you do this?

I've set static (inside,outside) tcp B.B.B.D smtp A.A.A.C netmask 255.255.255.255 but does not work :/

Thanks a lot

Labels:
0 Helpful
3 Replies 3

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎03-26-2011 10:14 PM

Hi,

If A.A.A.C is the real inside IP address of the SMTP server and B.B.B.D is going to be the translated (NAT) address, then you have to options:

1. If the B.B.B.D is not used anywhere else (not shared), just do a one-to-one static NAT:

static (in,out) B.B.B.D A.A.A.C

This will translate all IP traffic between both IPs in both directions.

2. If B.B.B.D is being used, then you can use static PAT as you mentioned:

static (in,out) tcp B.B.B.D smtp A.A.A.C smtp

Remember that the above commands are only the NAT statements, you still need to have the ACLs in place to allow the desired traffic through the ASA.

Hope it helps.


Federico.

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Federico Coto Fajardo

‎03-27-2011 07:27 AM

Just to add...

If you do this:

static (in,out) tcp B.B.B.D smtp A.A.A.C smtp

Then it works for inbound traffic.

ie.

Host on the outside trying to reach the internal server using B.B.B.D on port 25.

If you want the inside host to be ''seen'' as B.B.B.D when it sends outbound traffic you also need something like:

nat (inside) 1 A.A.A.C

global (outside) 1 B.B.B.D 255.255.255.255

Federico.

0 Helpful

chenbc
Level 1
Level 1
In response to Federico Coto Fajardo

‎04-08-2011 02:31 AM

Hello,

>> If you want the inside host to be ''seen'' as B.B.B.D when it sends outbound traffic you also need something like:

>> nat (inside) 1 A.A.A.C

>> global (outside) 1 B.B.B.D 255.255.255.255

But we want the inside host to be seen as B.B.B.D only with SMTP services

because the inside host has default outbound traffic and be seen as B.B.B.B

We just want to make mails sent as a different ip seen as B.B.B.D

Is there any way to achieve this?

Thanks a lot

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card