Solved: NAT-PAT (covert SMTP port to another port) - Page 2

ceaton333 · ‎06-03-2008

Is there a quic and dirty way to convert port 25 incoming from the outside via PAT to another port (2025) on the inside?

We have an ASA5520 and we have a static NAT for our mailserver as well as the security rule that allows port 25 traffic in from a certain destination to our server on port 25 only.

I edited the NAT statement that is already in there to enable PAT to translate all port 25 from the outside

to port 2025 on the inside. It doesn't seem to want to translate the port though. I know this because when I turn of port 25 (receive) on the mail server I get no mail....turn it back on 25, I get mail, so no port translation is happening..

Any ideas?

ceaton333 · ‎06-04-2008

And I will assume that I was having the same problem with Telnet because the source was either random or port 23...

Farrukh Haroon · ‎06-04-2008

yes, or you could have a separate NAT for inside >> outside communication

like:

nat (inside) 1 mail-server-private-ip

global (outside) 1 some-other-public-ip

This might have to be a different public than the one used in the static, but you can try that same IP also, however most probably it will give a 'conflict with existing static' sort of message

Regards

Farrukh

ceaton333 · ‎06-05-2008

Thanks for all the help. I'll see if I can get this to work!

rtjensen4 · ‎06-08-2008

Might have been done, but I dont see reference to it...

After you changed the Nat statement, did you clear the translation out of the translation table?

clear xlate inside