07-09-2013 02:40 AM - edited 03-11-2019 07:09 PM
Hello Community.
My inbound smtp NAT works well, but our mail server should have the same IP address on the outside interface as definded in the inbound nat.
But the smtp server allways got the IP address of the outside interface of our ASA.
How do i do outbound nat, my smtp server should have the IP address 217.168.46.155 and not the IP address 217.168.46.154.
Relevant config:
interface Vlan10
nameif inside
security-level 100
ip address 192.168.1.200 255.255.255.0
interface Vlan99
nameif outside
security-level 0
ip address 217.168.46.154 255.255.255.248
object network Z1_SMTP
host 192.168.1.9
description NAT Z1 SMTP
object-group service Z1SecureMailPorts
description Z1 Secure Mail Ports
service-object tcp destination eq smtp
access-list outside_access_in extended permit object-group Z1SecureMailPorts any host 192.168.1.9 log
object network Z1_SMTP
nat (inside,outside) static 217.168.46.155 service tcp smtp smtp
nat (inside,outside) after-auto source dynamic 192.168.1.0_24 interface
nat (guest,outside) after-auto source dynamic 172.16.20.0_24 interface
Kind regards
Solved! Go to Solution.
07-09-2013 02:51 AM
Hi,
Try adding this configuration
object network MAIL-SERVER-SOURCE
host 192.168.1.9
object network MAIL-SERVER-PAT
host 217.168.46.155
nat (inside,outside) after-auto 1 source dynamic MAIL-SERVER-SOURCE MAIL-SERVER-PAT
The above configurations should make it so that the mail server would use the public IP address of 217.168.46.155 as the Dynamic PAT address when it initiates outbound connections through the ASA
The key thing to notice in the "nat" command is that we enter the number that states that it should be at the top of the Section 3 NAT configurations (the configurations using "after-auto" parameter)
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed
- Jouni
07-09-2013 02:51 AM
Hi,
Try adding this configuration
object network MAIL-SERVER-SOURCE
host 192.168.1.9
object network MAIL-SERVER-PAT
host 217.168.46.155
nat (inside,outside) after-auto 1 source dynamic MAIL-SERVER-SOURCE MAIL-SERVER-PAT
The above configurations should make it so that the mail server would use the public IP address of 217.168.46.155 as the Dynamic PAT address when it initiates outbound connections through the ASA
The key thing to notice in the "nat" command is that we enter the number that states that it should be at the top of the Section 3 NAT configurations (the configurations using "after-auto" parameter)
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed
- Jouni
07-09-2013 12:11 PM
Thanks Jouni, you're allways right. Godfather of NAT :-)
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide