01-25-2013 12:08 AM - edited 03-11-2019 05:52 PM
Hi,
I have some mobile users who have their email client configured with the public IP address of the email server, but when they are in the office they are unable to reach the email server.
ASA is running on version 8.3.1
I have configured the following:
object network obj_10.0.0.1
 host 10.0.0.1
 nat (inside,outside) static 123.123.123.123
Also an ACL to permit the required ports for the servers.
Scenario
=======
- Inside user has no problem receiving their email using the private IP of the server
- Users outside can also login to the web service of the email server
- Users with NAT public IP configured on their laptop are unable to receive email in the inside network
Is there anything else that I need to configure as well? I have set the next hop on the client as the ASA.
Hope you guys can help. Thanks.
01-25-2013 12:51 AM
Hi,
Does the server public IP address have a DNS name associated with it?
And if yes, do your LAN users use a public DNS server?
If the above things are true, you can change the above Static NAT to include a "dns" parameter
object network obj_10.0.0.1
 host 10.0.0.1
 nat (inside,outside) static 123.123.123.123 dns
So provided that the following are true
Then after the above addition to the Static NAT configuration the ASA should modify the DNS replies automatically before they reach the LAN hosts. Therefore even if they connect using the DNS name, they would end up using the private IP address to connect because the ASA modifies the reply.
On the other hand if you use a LAN DNS server then this won't help you and you will have to perhaps do changes on the local DNS server.
- Jouni
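The DNS reply rewrite described in the answer above, sketched in Python as an added example (not code from the thread and not how the ASA is implemented): it swaps the mapped address for the real one in the A records of a reply. The hostname `mail.example.com`, the second address and all function names are assumptions; the two server addresses are the ones from the nat statement.

```python
import socket
import struct

MAPPED = "123.123.123.123"  # public (mapped) address from the nat statement
REAL = "10.0.0.1"           # private (real) address of the mail server

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def _a_rdata_offsets(msg):
    """Yield the offset of the 4-byte RDATA of each IN A record in the answer section."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12                                    # fixed DNS header length
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off + 10                      # RDATA follows the 10-byte fixed part
        off += 10 + rdlen

def a_records(msg):
    return [socket.inet_ntoa(msg[o:o + 4]) for o in _a_rdata_offsets(msg)]

def doctor_reply(msg, mapped=MAPPED, real=REAL):
    """Rewrite A records equal to the mapped address; leave every other record alone."""
    out = bytearray(msg)
    for o in _a_rdata_offsets(msg):
        if bytes(out[o:o + 4]) == socket.inet_aton(mapped):
            out[o:o + 4] = socket.inet_aton(real)
    return bytes(out)

def sample_reply(name="mail.example.com", addrs=(MAPPED, "198.51.100.7")):
    """Constructed DNS reply (not captured traffic) with one A record per address."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0) + qname + struct.pack("!HH", 1, 1)
    for a in addrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(a)
    return msg

if __name__ == "__main__":
    print(a_records(sample_reply()), "->", a_records(doctor_reply(sample_reply())))
```

Only replies that pass through the firewall can be rewritten, which is why a DNS server on the LAN side never sees this change. On the ASA the rewrite also depends on DNS inspection being enabled.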