Re: Cannot static nat to MX recorded IP on ASA.

victorrodrigues · ‎03-16-2006

Hi ,

Maybe there is a rule that I'm not aware of so here I am. I was previously using my mail server behind my ISA server which in turn had a direct(real) IP. This same IP has an MX record as pointing to my mail server and once mails hit my ISA , the ISA redirects ports 110,25 & 80 for the WEb access to the Mail server.

Now I am introducing an ASA5520 and I tried to put another REAL ip in the range for my external interface while creating a Static Nat for my REAL (MXed) IP , but that just doesnt seem to be working.

Basically unless my MXed IP is on a physical interface ( like NIC of server or Outside of ASA) , i cannot ping it. IF i position this MXed IP on the outside interface and then try a static nat for any of the other IPs in the range, it works just fine..weird aint it ???

Suggestions?

jackko · ‎03-16-2006

the way to achieve this objective is to configure

static, and inbound acl.

depending on the number of public ip available, the configuration would be different.

1. a single public ip

static (inside,outside) tcp interface 25 25 netmask 255.255.255.255

static (inside,outside) tcp interface 110 110 netmask 255.255.255.255

clear xlate local

access-list 111 permit tcp any interface outside eq 25

access-list 111 permit tcp any interface outside eq 110

access-group 111 in interface outside

2. with multiple public ips:

static (inside,outside) netmask 255.255.255.255

clear xlate

access-list 111 permit tcp any host eq 25

access-list 111 permit tcp any host eq 110

access-group 111 in interface outside

jackko · ‎03-18-2006

the rating indicated that the information provided is not valuable.

please feel free to discuss further.