Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
301
Views
0
Helpful
3
Replies

Nat Question: Is this doable?

mingram27
Level 1
Level 1

‎04-12-2013 07:57 AM - edited ‎03-11-2019 06:27 PM

Here is the scenarion:

- would like to route any internal traffic thats SMTP based only to internal email server ( x 2 )

- The default gateway is already set on the email server to go out the outside interface

Can this be done on an ASA, I am thinking this more of a routing issue that NAT statement.

NAT LAN_Traffic_port25 --> INT_MailServer_Only    (I am thinking its not posssible or it even make sense).

What do you think?

Thank you very much guys for you answers in advance

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎04-12-2013 10:40 AM

Hello Matthew,

looks that what you are looking is some sort of PBR which is not supported,

give it another try and explain it a liitle more in detail and clear and let's see if we can do something okay?

Remember to rate all of the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

mingram27
Level 1
Level 1
In response to Julio Carvajal

‎04-12-2013 02:14 PM

Thanks Jay!  I will try it again...

I have 3 email servers on my network, all 3 has hub roles and transport roles. One server with hub, transport and CAS role (sorry I know this is not a a Windows forum but I want people to get the picture).

- Affectively I want ONLY 2 of the 3 Exchange Servers to handle all SMTP traffic from internal and external clients (inside network and outsite network).

- routing inbound to port 25 is easy to do, but how would I tell all of my internal (LAN) to go to INT_IP of mail server?

- I dont think I can set a default GW specifically for SMTP traffic...can I?

Hope that helps

Thank you

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to mingram27

‎04-12-2013 02:19 PM

Hello Matthew,

You could with PBR but in the ASA that is not supported,

On a router you could basicallyu match all TCP SMTP traffic and set it to go to a specific address DG.

You follow me?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card