cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
794
Views
0
Helpful
3
Replies

ASA5510: One Interface with 5 IPs and two smtp Server in the DMZ , Port Mapping

Hi all,

 

i know this Problems are not new but somehow i don´t get it.

 

I have an ASA5510 with One Physical Interface that hold 5 IP´s. I have until 5 Server in the DMZ. 

Now i need another one but it is the secound smtp Server so i need on the same Physical Interface 2 Forwards for smtp. Two different inside hosts( Mailserver).

192.168.x.x (DMZ)

192.168.x.xx (DMZ)

 

The first one is mapped to the outside interface with ip x.x.x.x1

Now i want to map the ip x.x.x2 to the second one. 

The ASDM is complaining of in use.

 

I read in this forum about uniqie Identifier that the asa could match the translation for Port 25.

I have two unique the ip´s or is that impossible to match for the asa ?

 

Philipp

 

3 Replies 3

Hello Phillip,

 

I hope you are fine! 

 

I would like to know are you doing a 1-to-1 static nat translation?

Hello,

sorry for my late respond. The 7.82 ASDM no log Bug hits me and i have to wait for a Downtime to get logs :-(.

 

I am using Objekt Nat. 

i have now defined rules for every port. But now i have the Problem that a one to one port mapping not works.

The First inside smtp server in the the dmz goes out the to outside ip one 

The Secound the same. I see the Problem that the match criteria not work.

The Source Ports are randomized so the first nat rule for smtp hits becaus of the Destination Port. i need a better match criteria.

The Problem is that I have to nat on the same outside ip an FTP Server.That the quickoption Public Server in the asdm is no option. 

 

All DMZ  server are configured through Objekt Nat. I need to nail two Server on this outside ip with @ least min 5 Ports.

Outside IP ONE

SMTP Server one with only 25 for inter server connection.

 

Outside IP Two

SMTP 2 (DMZ IP 2): 143,587, 25

The 587 and 143 is always triggerd from the outide so there is no Problem but when the client need to send a Mail the mail goes out @ IP One.

FTP (DMZ IP 3): (ftp, ftp-data) 

 

Inbound work well but outbound not.So i think i missed something. 

 

Philipp

 

 

 

Hello Phillip,

 

That is OK, sorry for the late response, I have been busy...

 

So from what I understand then the inbound traffic is working fine from outside to DMZ, you are having issues with the outbound traffic from DMZ to outside, when the traffic is triggerd or created by the dmz servers am I right?

 

Please could you let me know what NAT you are using for outbound traffic? Or can you share the nat configuration replacing the information of the public ips for x.x.x.x

Review Cisco Networking for a $25 gift card