08-17-2010 10:24 AM - edited 03-11-2019 11:27 AM
I have a 5505 running 8.3 and am using ASDM 6.3 to configure it. I have a dynamic PAT set up for the network I'm on and am trying to set up static bidirectional NAT for SMTP to a particular host. (I do have two external connections in this configuration.) Here are my current NAT commands:
!
object network Host-Dino
nat (inside,cox) static Ext-mail service tcp smtp smtp
!
nat (any,any) after-auto source static any any destination static Ext-Web Host-Henry service http http description Address xlate for web server
nat (any,any) after-auto source static any any destination static Ext-WebAcccess Host-Bambam service https https description Address Xlate from external WebAccess address to Bambam
nat (inside,cox) after-auto source dynamic any interface description Outbound for normal networks
nat (inside,disc) after-auto source dynamic any interface description Outbound to DISC hosts
nat (DMZ,cox) after-auto source dynamic any interface description Outbound from DMZ to Cox
nat (DMZ,disc) after-auto source dynamic any interface description Outbound from DMZ to DISC
Dino sits on the inside interface of the ASA. However, when I send out mail, it goes out the interface IP and not the Ext-mail IP. Confusingly, if I take out the nat (inside,cox) command, it will pick up on the object NAT and work correctly. Also, the inbound SMTP connection works if the external host connects to the Ext-mail IP address. I thought from the docs that object NAT should take priority. What do I need to do to make this function correctly with the SMTP traffic going out a different IP address?
I tried to debug this with the packet trace function. When I use Dino's IP address, source port of 25 and destination port of 25, it translates the packet correctly.
--
Jon
08-21-2010 03:03 PM
When Dino sends e-mail it will not source from port 25. It will be a high port. That is why it looks like the interface when going out. I have discussed it here: http://www.youtube.com/watch?v=kRY8DuaRp5U
You need the following:
!
object network Host-Dino_outbound
host x.x.x.x
nat (inside,out) dynamic Ext-mail
-KS
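The port-matching behaviour described in the answer above, as an added example that is not part of the original thread or of any Cisco code: a simplified Python model of the ASA 8.3 lookup order (object NAT before after-auto rules, static before dynamic within object NAT). The addresses are constructed, and the question's `cox` interface is assumed as the egress.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    section: int              # 2 = object NAT, 3 = manual NAT marked after-auto
    static: bool              # within object NAT, static rules precede dynamic
    name: str
    real_ip: Optional[str]    # None matches any inside source address
    real_port: Optional[int]  # source port tied to the rule; None = any port
    mapped_ip: str

# Constructed addresses; the thread does not give the real ones.
DINO, OTHER_HOST = "192.168.1.10", "192.168.1.50"
EXT_MAIL, COX_IF = "203.0.113.25", "203.0.113.2"

STATIC_SMTP = Rule(2, True, "Host-Dino static tcp smtp smtp", DINO, 25, EXT_MAIL)
PAT_TO_COX = Rule(3, False, "after-auto dynamic any interface", None, None, COX_IF)
DINO_OUTBOUND = Rule(2, False, "Host-Dino_outbound dynamic", DINO, None, EXT_MAIL)

def translate(rules, src_ip, src_port):
    """Return (rule name, translated source IP) for an inside-to-cox packet."""
    ordered = sorted(rules, key=lambda r: (r.section, not r.static))
    for r in ordered:
        ip_ok = r.real_ip is None or r.real_ip == src_ip
        port_ok = r.real_port is None or r.real_port == src_port
        if ip_ok and port_ok:
            return r.name, r.mapped_ip
    return None, src_ip  # no rule matched: packet leaves untranslated

ORIGINAL = [STATIC_SMTP, PAT_TO_COX]
FIXED = ORIGINAL + [DINO_OUTBOUND]

if __name__ == "__main__":
    cases = [("packet-tracer test, source port 25", ORIGINAL, DINO, 25),
             ("real outbound mail, original rules", ORIGINAL, DINO, 49152),
             ("real outbound mail, with Host-Dino_outbound", FIXED, DINO, 49152),
             ("other inside host, with Host-Dino_outbound", FIXED, OTHER_HOST, 49152)]
    for label, rules, ip, port in cases:
        print(f"{label}: {translate(rules, ip, port)}")
```

The first case reproduces the packet-tracer test from the question (source port 25 hits the static rule); the second is what a real mail client connection looks like, and it falls through to the interface PAT until the port-independent dynamic object rule is added.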