05-08-2024 02:04 AM
Where I work we are having some problems with sending bulk email from a single public IP address, as several emails are being blocked or delayed.
Currently the server has a 1-to-1 NAT with a specific .73 IP address.
The request I got is to distribute email sending to 2 different public IP addresses, and I immediately thought of using a NAT with PAT pool in round robin.
I then used this configuration on my Cisco ASA-SM to try to distribute the outbound SMTP "load" over the 2 IP addresses, namely .73 and .74, keeping the .73 for access to other services on the Internet:
nat (webdmz,outside) source dynamic email-server pat-pool smtp_addresses_range round-robin service smtp smtp description For SMTP email send

object-group network smtp_addresses_range
 description Used in Round-robin for email send
 network-object host xx.yy.zz.73
 network-object host xx.yy.zz.74

# THIS IS THE ORIGINAL 1-to-1 NAT THAT MUST BE KEPT
object network email-server
 host 10.aa.bb.73
 nat (webdmz,outside) static xx.yy.zz.73
The problem is that all the connections were always NAT'ed using the .73 address.
05-08-2024 02:07 AM
Do you have two private IPs and one public IP, or the opposite?
MHM
05-08-2024 02:27 AM
One private IP, the server (10.x.x.73), and I'd like it to use 2 public IP addresses (207.x.x.73 and 207.x.x.74) to spread the email send and avoid the email delay/blocking issue.
Note that the private IP address already has a one-to-one NAT to one public IP address (last octet of the address is the same) through which it receives incoming connections (FTPS server).
05-21-2024 05:24 AM
@MHM Cisco World I would like to know if you spotted any error in my configuration, or if you have a workaround for my issue.
I do really appreciate your support.