03-09-2004 02:05 AM - edited 03-09-2019 06:41 AM
hello,
i have a problem with a mailserver. here is my configuration.
global (outside) 1 x.x.102.227
nat (inside) 0 access-list noNAT
nat (inside) 1 192.168.100.0 255.255.252.0 0 0
nat (inside) 1 192.168.112.0 255.255.252.0 0 0
nat (inside) 1 192.168.120.0 255.255.252.0 0 0
nat (inside) 1 192.168.124.0 255.255.252.0 0 0
nat (inside) 1 192.168.132.0 255.255.252.0 0 0
nat (inside) 1 192.168.136.0 255.255.252.0 0 0
nat (inside) 1 192.168.140.0 255.255.252.0 0 0
nat (inside) 1 192.168.148.0 255.255.252.0 0 0
nat (inside) 1 192.168.164.0 255.255.252.0 0 0
static (inside,outside) tcp x.x.102.228 www 192.168.100.140 www netmask 255.255.255.255 200 200
static (inside,outside) tcp x.x.102.228 https 192.168.100.140 https netmask 255.255.255.255 200 200
static (inside,outside) tcp x.x.102.228 pop3 192.168.100.140 pop3 netmask 255.255.255.255 100 100
static (inside,outside) tcp x.x.102.228 lotusnotes 192.168.100.140 lotusnotes netmask 255.255.255.255 200 200
static (inside,outside) tcp x.x.102.228 smtp 192.168.101.3 smtp netmask 255.255.255.255 100 100
static (inside,outside) x.x.102.253 192.168.100.227 netmask 255.255.255.255 0 0
static (inside,outside) x.x.102.229 192.168.100.76 netmask 255.255.255.255 0 0
static (inside,outside) x.x.102.230 192.168.100.238 netmask 255.255.255.255 0 0
this configuration works fine, but we have some problems with customers with reverse dns and with a record.
so we have to change the configuration. the mailserver with the ip 192.168.100.140 will now translated to the global ip x.x.102.228
I have added the two config lines
global (outside) 2 x.x.102.228
nat (inside) 2 192.168.100.140 255.255.255.255 0 0
i have also cleared the translation table (clear xlate)
and I want to translate the outgoing sessions from 192.168.100.140 to x.x.102.228.
If I add this two lines, I can not connect from the mailserver to the internet.
PIX Version 6.3(1)
Any ideas ??
03-09-2004 04:20 AM
Hi,
You are creating overlaps within your translations (looking at the following parts on your config)
nat (inside) 0 access-list noNAT
nat (inside) 1 192.168.100.0 255.255.252.0 0 0
nat (inside) 2 192.168.100.140 255.255.255.255 0 0
I woudl use nat-id 1 instead of 2 for the specific translation and nat-id 2 for the more global translation (where you are now using 1)
Hope this helps and kind regards,
Leo
03-09-2004 05:06 AM
hi leo,
I have changed the nat id's. But no success.
rene
03-09-2004 05:25 AM
I have updated the software to 6.3(3) and now it works.
:-))
Rene
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide