
Configure bi-directional NAT

aproductions
Level 1

Hi,

I have an issue with some mail servers rejecting some of our mail because the address that our mail server goes out on is not the same one that it resolves to.

This is because I have the following configured:

static (inside,outside) tcp x.x.161.101 smtp Exchange1 smtp netmask 255.255.255.255 0 0

(which covers from the outside in)

then :

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

global (outside) 1 interface

(which gives a different address for inside to outside mail)

I thought that the static would cover bi-directional NAT'ing.

I am not sure how I can fix this.

thanks

sam

1 Accepted Solution


Yes, I think your best option is to assign a dedicated public IP address for the mail server.

However, you can try this configuration using "Policy NAT":

access-list mailer permit tcp host Exchange1 any eq smtp

nat (inside) 2 access-list mailer

global (outside) 2 x.x.161.101

Please let me know if this works


4 Replies

mhussein
Level 4

Hello,

Please clarify this: is there any reason you can't use a one-to-one static:

static (inside,outside) x.x.161.101 Exchange1 netmask 255.255.255.255 0 0

i.e., is x.x.161.101 used for other servers as well?

Regards,

Mustafa

Would that fix it?

There is a reason, as we are translating a different port (80) on that IP address to another internal server.


This works fine.

I thought that already using this x.x.161.101 in a static would mean I could not use it for the global, but this works.

thanks
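
The following is an added example, not part of the original thread or of any Cisco tooling: a simplified Python model of the rules quoted above, showing why new outbound SMTP connections left from the interface address before the policy NAT was added and from x.x.161.101 afterwards. The rule order (static PAT, then policy NAT, then regular NAT), the placeholder "outside-interface", the port numbers 40000/40001 and all function names are assumptions made for the illustration.

```python
# Added illustration: simplified model of how a PIX picks the source
# translation for an outbound connection. Assumed order (not stated in the
# thread): static PAT, then policy NAT, then regular NAT.

# static (inside,outside) tcp x.x.161.101 smtp Exchange1 smtp ...
STATIC_PAT = [("tcp", "Exchange1", 25, "x.x.161.101")]
# nat (inside) 1 0.0.0.0 0.0.0.0 + global (outside) 1 interface
REGULAR_NAT = "outside-interface"   # placeholder for the interface address
# access-list mailer ... + nat (inside) 2 access-list mailer + global (outside) 2 x.x.161.101
POLICY_NAT = [({"proto": "tcp", "src": "Exchange1", "dport": 25}, "x.x.161.101")]

# Constructed sample flows; source port 40000 stands in for any ephemeral port.
MAIL_OUT = {"proto": "tcp", "src": "Exchange1", "sport": 40000, "dport": 25}
MAIL_REPLY = {"proto": "tcp", "src": "Exchange1", "sport": 25, "dport": 40000}
WEB_OUT = {"proto": "tcp", "src": "Exchange1", "sport": 40001, "dport": 80}


def translated_source(flow, static_pat, policy_nat, regular_nat):
    """Return (rule, address) that outside hosts see as the flow's source."""
    # Static PAT maps one real host:port, so outbound it only matches
    # packets whose *source* port is that real port (server replies).
    for proto, host, real_port, mapped in static_pat:
        if (flow["proto"], flow["src"], flow["sport"]) == (proto, host, real_port):
            return ("static-pat", mapped)
    # Policy NAT: first access-list entry matching the flow wins.
    for match, mapped in policy_nat:
        if all(flow.get(k) == v for k, v in match.items()):
            return ("policy-nat", mapped)
    # Catch-all dynamic NAT/PAT to the global address.
    if regular_nat is not None:
        return ("regular-nat", regular_nat)
    return ("untranslated", flow["src"])


def mail_source_matches(published, policy_nat):
    """True when new outbound SMTP leaves from the published address."""
    _, addr = translated_source(MAIL_OUT, STATIC_PAT, policy_nat, REGULAR_NAT)
    return addr == published


if __name__ == "__main__":
    print("before:", translated_source(MAIL_OUT, STATIC_PAT, [], REGULAR_NAT))
    print("after: ", translated_source(MAIL_OUT, STATIC_PAT, POLICY_NAT, REGULAR_NAT))
```

In this model, other outbound traffic from Exchange1 (the constructed WEB_OUT flow) still uses the interface address, because the access-list only matches destination port smtp.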