Hello,
I have a strange problem regarding static NAT that I can't figure out. PIX 505 ver 6.3(3), two interfaces.
Let's see... I have a Lotus Notes server (10.1.1.14 internal, 200.x.x.190 external) which resides on the inside interface. When configured like the following everything works well. Users can send and receive mail using Notes Client internally and the webmail interface when they are out of the office.
access-list ACL_OUT permit tcp any host 200.x.x.190 eq smtp
access-list ACL_OUT permit tcp any host 200.x.x.190 eq www
access-list ACL_OUT permit tcp any host 200.x.x.190 eq https
global (outside) 1 200.x.x.165-200.x.x.185 netmask 255.255.255.224
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
static (inside,outside) 200.x.x.190 10.1.1.14 netmask 255.255.255.255 0 0
access-group ACL_OUT in interface outside
Now I'm setting up an antispam server (10.1.1.20 internal, 200.x.x.190 external) which intercepts smtp connections and then forwards acceptable mail to the Notes server. So my static rules change like this:
static (inside,outside) tcp 200.x.x.190 www 10.1.1.14 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 200.x.x.190 https 10.1.1.14 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 200.x.x.190 smtp 10.1.1.20 smtp netmask 255.255.255.255 0 0
So incoming mail is received first on the antispam server and Webmail access is still performed on the Lotus server.
Problem is... this second config doesn't work at all. I can't receive any mail from the world outside and users can't access the webmail interface. I've done clear xlate, clear arp and even rebooted the PIX and still nothing. The servers are working and accepting connections from the internal network.
I'm at a loss; any ideas will be appreciated.
Carlos