One Way Nating

wfleenor
Level 1

Setup: Static NAT for the SMTP A/V box in the DMZ is filtering inbound and outbound mail.

Need to keep inbound NATing to the SMTP A/V box, but outbound SMTP needs to be NATed directly from the email servers to the same public MX record. Thanks

7 Replies

jefchris
Level 1

Have you tried to use a static NAT?

I don't think this is possible, please correct me if I am wrong.

The mail server should relay back to the AV mail relay in the DMZ to send the emails and not send emails directly to the Internet; in this setup the email is also scanned outbound.

example:

access-list outside permit tcp any host Mail-MX eq smtp

access-group outside in interface outside

static (dmz,outside) Mail-MX-PubIP AV-Relay-DMZ-IP netmask 255.255.255.255

static (inside,dmz) InsideNetwork InsideNetwork netmask 255.255.255.0 0 0

access-list dmz .... (All other service that have outbound connections)

access-list dmz permit tcp host AV-Relay-DMZ-IP host MailServer-Internal-IP eq smtp

access-group dmz in interface dmz

The Inside Email Server connects to the DMZ Private IP of the Email Relay.

sincerely

Patrick

Correct, this is how it is currently configured; however, the server crew would like to only scan inbound SMTP traffic and send outbound traffic directly through the firewall. Is it possible to have inbound NAT to box A and outbound NAT from box B using the same NATing address?

arunsing
Level 1

You can try this example.

a/v box = 172.16.2.2

public ip = x.x.x.x

inside mail server = y.y.y.y

! inbound static PAT: public MX IP port 25 -> a/v box port 25
! (real interface dmz, mapped interface outside)
static (dmz,outside) tcp x.x.x.x 25 172.16.2.2 25 netmask 255.255.255.255

! outbound: the mail server alone is translated to the public MX IP
nat (inside) 1 y.y.y.y 255.255.255.255

global (outside) 1 x.x.x.x

! outbound: the rest of the inside network (assumed /16, PAT to the outside interface)
nat (inside) 2 y.y.0.0 255.255.0.0

global (outside) 2 interface

The catch here is that the nat statement for the mail servers should be before the nat statement for the rest of the traffic.

The goal is to use the same public IP but NAT inbound traffic to the A/V box and outbound traffic (email server) from a different box/IP address. Some security devices will not accept SMTP from a different IP address. Is this possible?

That is what is happening in the above example. We are NATing the inbound traffic to the A/V box, and NATing the outbound traffic to the same IP address. If you see, I have used the same IP address for global. Please note I am not using one-to-one static NAT for the A/V box.

Hi,

Sorry for my vocab in the last conversation. I was able to understand your problem that a few mail servers would do a reverse lookup for incoming mail and, if the IP address does not match the registered one, would reject the mail. If you look at the solution provided, we are taking care of the same thing.
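To make the translation logic of the thread's example concrete, here is an added Python model (not Cisco code and not from any poster) of the asymmetric NAT: inbound SMTP to the public MX address is static-PATed to the A/V box, while outbound from the mail server is sourced from that same public address, and the "catch" about nat-statement order is shown by evaluating the dynamic rules first-match in the order given. All addresses are constructed placeholders standing in for the thread's x.x.x.x, 172.16.2.2 and y.y.y.y / y.y.0.0.

```python
import ipaddress

# Constructed placeholder addresses (assumptions, not from the thread).
PUBLIC_MX = "198.51.100.25"      # public MX record / global address (x.x.x.x)
OUTSIDE_IF = "198.51.100.1"      # outside interface address used for PAT
AV_RELAY = "172.16.2.2"          # SMTP A/V box in the DMZ
MAIL_SERVER = "10.10.10.25"      # inside mail server (y.y.y.y)
INSIDE_NET = "10.10.0.0/16"      # rest of the inside network (y.y.0.0)

# static (dmz,outside) tcp x.x.x.x 25 172.16.2.2 25
# Only port 25 on the MX address is mapped into the DMZ.
STATIC_PAT = {(PUBLIC_MX, 25): AV_RELAY}

# nat (inside) N <real> <mask> paired with global (outside) N <mapped>,
# modelled as first-match in the order written, which is the ordering
# point the thread makes.
NAT_GOOD = [(MAIL_SERVER + "/32", PUBLIC_MX), (INSIDE_NET, OUTSIDE_IF)]
NAT_BAD = [(INSIDE_NET, OUTSIDE_IF), (MAIL_SERVER + "/32", PUBLIC_MX)]


def inbound(dst, dport):
    """Destination the DMZ sees for a packet arriving on the outside interface.
    Anything not covered by the static PAT is left untranslated (and the
    outside ACL would drop it)."""
    return STATIC_PAT.get((dst, dport), dst)


def outbound(src, nat_rules):
    """Source the Internet sees for a packet leaving from the inside."""
    addr = ipaddress.ip_address(src)
    for real, mapped in nat_rules:
        if addr in ipaddress.ip_network(real):
            return mapped
    return src  # no matching nat statement: untranslated


def reverse_lookup_ok(src, nat_rules):
    """Receiving MTAs that check the connecting IP against the sender's MX
    record only accept mail when outbound traffic carries the MX address."""
    return outbound(src, nat_rules) == PUBLIC_MX


if __name__ == "__main__":
    print("inbound MX:25 ->", inbound(PUBLIC_MX, 25))
    print("mail server out (good order) ->", outbound(MAIL_SERVER, NAT_GOOD))
    print("mail server out (bad order)  ->", outbound(MAIL_SERVER, NAT_BAD))
    print("other host out ->", outbound("10.10.3.7", NAT_GOOD))
```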