Hello.Configuration should be

stremblay1026 · ‎03-23-2014

Hello,

I recently installed an 5512X ASA which is running ASA 8.6. My expierence with ASA's is limited to ASA 8.2. I understand the way NAT works in 8.3+ has changed and have managed to get inbound NATs working OK. The only issue I'm facing now is I'm trying to NAT outbound SMTP traffic to the external IP address that's used for inbound SMTP so my SPF records match as well as the rDNS records. Currently, all SMTP traffic is flowing out via the main firewall IP. I want all SMTP traffic from internal IP 10.10.1.22 to appear from a public IP that's not the IP address of the firewall.

In 8.2, I would have used an access-list to do this and would have applied it to the interface but I'm having trouble figuring out how to do this in 8.6. Everytime I try something it breaks inbound mail which can't happen as my company is a 24x7 operation. Can someone kindly show me the commands needed to accomplish this?

Thanks!

Vasilii Mikhailovskii · ‎03-26-2014

Hello.

Configuration should be like this:

network object PUBLIC_SMTP
host 1.1.1.1

network object INTERNAL_SMTP
host 10.1.1.1
nat (inside,outside) static PUBLIC_SMTP

access-list OUTSIDE_IN extended permit tcp any object INTERNAL_SMTP eq 25

Julio Carvajal · ‎03-26-2014

Hello,

Do you refer to only traffic generated from the server or both Inbound and Outbound?

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

How do I NAT outbound SMTP traffic to specific IP address?