09-06-2012 03:52 AM - edited 03-11-2019 04:50 PM
Q)We have the setup as shown above, our requirement is to access mail server via ports smtp and pop3.
But as the mailserver is hosted at internet users at site were not able to aceess.
we need to nat a intranet ip with mail server ip and mail server ip back to intranet ip and provide the access.
We use ASA 5510 firewall.
As per the company norms we cannot provide the internet access at sites.
Solved! Go to Solution.
09-06-2012 10:16 PM
Hello Muhammad,
Thanks for the rating
Now the syntax would be :
static (outside,inside) 112.1.1.1 192.168.1.1
That is the only command you need, with that the inside users will be able to access 112.1.1.1 when they go to 192.168.1.1
You can restrict the internal traffic with an ACL and allow traffic outbound to 192.168.1.1
Regards,
09-06-2012 09:29 AM
Hello Muhammad,
So you want to nat your the SMTP server to an internal Ip address so users always connect to the private Ip and does not look like they are going to the internet, is that correct?
Let me know if I am missing something
Julio
Regards,
09-06-2012 08:51 PM
Thanks for your responce, yes we have both smtp and pop3 servers, should nat both the ips with intranet ips..
09-06-2012 09:04 PM
Hello Muhammad,
If that is your requirement you can make it happen with an outside Nat and I think it will satisfy your expectations,
Remember to rate all the posts, that for us is more important that a thanks.
Julio
09-06-2012 09:44 PM
Should I write the command
hostname(Cofig)# Static (Outside) intranet ip internet ip netmask 255.255.255.255
example
my mail server ip is 112.1.1.1
ip needs to be mapped is 192.168.1.1
then static outside 192.168.1.1 112.1.1.1 netm,ask 255.255.255.255
RegardsThanveer
09-06-2012 10:16 PM
Hello Muhammad,
Thanks for the rating
Now the syntax would be :
static (outside,inside) 112.1.1.1 192.168.1.1
That is the only command you need, with that the inside users will be able to access 112.1.1.1 when they go to 192.168.1.1
You can restrict the internal traffic with an ACL and allow traffic outbound to 192.168.1.1
Regards,
09-06-2012 11:52 PM
can i write
static(outside,inside)112.1.1.1 tcp 25 192.168.1.1 tcp 25 netmask 255.255.255.255
static(outside,inside)112.1.1.2 tcp 587 192.168.1.1 tcp 587 netmask 255.255.255.255
and i think i shoul ask dns to resolve my name pop3server and smtp ips to internal ips.
Regards
Thanveer
09-07-2012 09:08 AM
Hello Muhammad,
Yes, that can also be done,
Regards,
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide