cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1185
Views
8
Helpful
7
Replies

natting public ip to private and vice versa

                   netd.JPG

Q)We have the setup as shown above, our requirement is to access mail server via ports smtp and pop3.

But as the mailserver is hosted at internet users at site were not able to aceess.
we need to nat a intranet ip with mail server ip and mail server ip back to intranet ip and provide the access.

We use ASA 5510 firewall.

As per the company norms we cannot provide the internet access at sites.

1 Accepted Solution

Accepted Solutions

Hello Muhammad,

Thanks for the rating

Now the syntax would be :

static (outside,inside) 112.1.1.1 192.168.1.1

That is the only command you need, with that the inside users will be able to access 112.1.1.1 when they go to 192.168.1.1

You can restrict the internal traffic with an ACL and allow traffic outbound to 192.168.1.1

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

7 Replies 7

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Muhammad,

So you want to nat your the SMTP server to an internal Ip address so users always connect to the private Ip and does not look like they are going to the internet, is that correct?

Let me know if I am missing something

Julio

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks for your responce, yes we have both smtp and pop3 servers, should nat both the ips with intranet ips..

Hello Muhammad,

If that is your requirement you can make it happen with an outside Nat and I think it will satisfy your expectations,

Remember to rate all the posts, that for us is more important that a thanks.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Should I write the command

hostname(Cofig)# Static (Outside) intranet ip internet ip netmask 255.255.255.255

example

my mail server ip is 112.1.1.1

ip needs to be mapped is 192.168.1.1

then static outside 192.168.1.1 112.1.1.1 netm,ask 255.255.255.255

  RegardsThanveer

Hello Muhammad,

Thanks for the rating

Now the syntax would be :

static (outside,inside) 112.1.1.1 192.168.1.1

That is the only command you need, with that the inside users will be able to access 112.1.1.1 when they go to 192.168.1.1

You can restrict the internal traffic with an ACL and allow traffic outbound to 192.168.1.1

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

can i write

static(outside,inside)112.1.1.1 tcp 25 192.168.1.1 tcp 25 netmask 255.255.255.255

static(outside,inside)112.1.1.2 tcp 587 192.168.1.1 tcp 587 netmask 255.255.255.255

and i think i shoul ask dns to resolve my name pop3server and smtp ips to internal ips.

Regards

Thanveer

Hello Muhammad,

Yes, that can also be done,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: