Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1333
Views
15
Helpful
5
Replies

reidirect ip address for a protcol with ASA 5500

mawallace
Level 1
Level 1

‎01-06-2012 06:54 AM - edited ‎03-11-2019 03:11 PM

I have an issue, which I know what it is, do not know how to solve!!

On the inside interface and network, we have a server at, (as an example) 192.168.87.1, which acts as an email server.

The outside ip address of the ASA is, say, 200.0.0.1.

The ASA directs any imap requests from the outside interface to 192.168.87.1, which works fine from the outside. Users simply open up email, and collect emails etc.

Butt.. wwhen they come inside the office, their machine of course attempts to contact the ip address 200.0.0.1. the ASA knows it is outside interface, so they are unable to collect emails.

Any ideas as to how solve this issue, so that any internal IMAP requests from machines on the inside to 200.0.0.1 are directed to the machine inside on 192.168.87.1?

Labels:
0 Helpful
5 Replies 5

varrao
Level 10
Level 10

‎01-06-2012 07:31 AM

Hi,

Yes you would need to configure u-turning on the ASA for it, can you let me know the ASA version that you aere using???

If its pre 8.3 then this should be your config:

nat (inside) 1 0.0.0.0 0.0.0.0

global (inside) 1 interface

static (inside,inside) 200.0.0.1 192.168.87.1 norand nailed

same-security-trafic permit intra-interface

Hope it helps,

Thanks,

Varun

Thanks,
Varun Rao

mawallace
Level 1
Level 1
In response to varrao

‎01-06-2012 08:11 AM

Version 8.2 (2)

Will the config redirect all traffic - i only want it to redirect imap

Mark

0 Helpful

varrao
Level 10
Level 10
In response to mawallace

‎01-06-2012 08:33 AM

If you only want imap then you can use port forwarding:

static (inside,inside) tcp 200.0.0.1 143 192.168.87.1 143 norand nailed

Thanks,

Varun

Thanks,
Varun Rao

mawallace
Level 1
Level 1
In response to varrao

‎01-06-2012 08:56 AM

Is there a easy way to do this via the graphical interface?

I tried enterting this via command line, and got told "invalid host"

It is highling the nailed part of the command!

0 Helpful

varrao
Level 10
Level 10
In response to mawallace

‎01-06-2012 09:03 AM

Hi,

Its a bit difficult for me to explain it on the firum, how to do it through the GUI, but you can definitely refer the configuration guide for it:

http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/about.html

Thanks,

Varun

Thanks,
Varun Rao
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card