Solved: Convert static NAT to PAT

Mattthew Haworth · ‎05-28-2013

Hello all

I have an issue, of two parts. The first part I believe I have figured out, just the second part I am unsure of. I have an ASA 5510, currently, there is a mailserver that is static NAT'ed to one of my ISP routed IPs (not the IP of my main Dynamic PAT/Outside interface). I need to convert this over to PAT for ports 25,80,443, etc (standard ports). I know I need to remove the static NAT statement and add in the PAT statements, but I need traffic from that machine to continue to go out the IP assigned to it by the static NAT.

E.G.

1.1.1.1 <- main public IP on outside interface, everything gets internet through this IP

1.1.1.2 <-> 10.10.10.10 static NAT to mailserver, secured with ACLs

I need to enable the mailserver to continue to appear to the world as living on 1.1.1.2, due to MX records and rDNS settings, etc...

The terminology for this setup escapes me at the moment. Any pointers?

Eddy Duran · ‎05-28-2013

Hello Mathew,

The PAT statements work bidirectionall. Lets say that you have statements for ports 25,80 and 443. The traffic generated from the server on those ports its still going to use the 1.1.1.2 IP for going out.

Let me know if you have any doubt or question.

-Eddy Duran

View solution in original post

Eddy Duran · ‎05-28-2013

Hello Mathew,

The PAT statements work bidirectionall. Lets say that you have statements for ports 25,80 and 443. The traffic generated from the server on those ports its still going to use the 1.1.1.2 IP for going out.

Let me know if you have any doubt or question.

-Eddy Duran

Mattthew Haworth · ‎05-31-2013

I ended up having to put a dynamic nat to the inside host for the secondary outside IP. this allowed the traffic generated from the server to go out the correct public ip.