cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
297
Views
0
Helpful
8
Replies
Majed Zouhairy
Beginner

how to make the internal mail server appear from the secondary real address.

PEace,

I have a wan interface with 3 addresses, and i have an internal mail server. when i send email from the mail server it appears to the world as the primary i address let's say x.y.z.67 . i want it to appear from the secondary address x.y.z.68. how to do that?

i already did a static nat for port 25 110 and 995 and several others, but that only helps when sending mail to the mail server not when sending mail from the mail server.

any help?

1 ACCEPTED SOLUTION

Accepted Solutions

I did a quick lab with this and then forgot to post back :-)

It was on an emulator but I couldn't get it to work.

I tried to create a NAT pool using the secondary IP for the mail server to use but it didn't work.

And there is no way to tell IOS you want to overload the mail server IP to a secondary IP ie. it only overloads on the primary IP on the interface.

The only thing I can think of at the moment is to do a one to one NAT between the mail server real IP and the secondary IP but that assumes you are not using the secondary IP for port forwards to other servers.

Is there a reason it needs to be a secondary IP ie. IOS will still do NAT even if the IP is not assigned to the interface.

Jon

View solution in original post

8 REPLIES 8
Majed Zouhairy
Beginner

no solution to this?

should i do a route map?

I did a quick lab with this and then forgot to post back :-)

It was on an emulator but I couldn't get it to work.

I tried to create a NAT pool using the secondary IP for the mail server to use but it didn't work.

And there is no way to tell IOS you want to overload the mail server IP to a secondary IP ie. it only overloads on the primary IP on the interface.

The only thing I can think of at the moment is to do a one to one NAT between the mail server real IP and the secondary IP but that assumes you are not using the secondary IP for port forwards to other servers.

Is there a reason it needs to be a secondary IP ie. IOS will still do NAT even if the IP is not assigned to the interface.

Jon

View solution in original post

well the problem is that the ip is being used by another server to forward some ports.

i suggested to buy an additional ip and then they revealed to me that we still have 3 unused ip addresses. so i did a one to one static nat like so:

ip nat inside source static 10.0.0.44 x.y.z.65 route-map NAT_MAP extendable

10.0.0.44 is included in the nat_map

and x.y.z.65 is not in the secondary ip list.

as soon as i did this nat mapping all internet traffic seized.

did i do the nat wrong?

also we had this idea, what if we created a sub interface on the wan interface, or that would not help?

Can't really comment on the NAT without seeing full configuration but if it is a one to one mapping why use a route map ?

Using a subinterface would only work if the ISP also setup their end the same way.

I ask again, why are you using secondary IPs anyway ?

Note if you do post the configuration can you make sure you obscure the public IPs as you have in your posts already.

I would just need to know the last octet and also whether all the IPs were from the same range as the IP on the primary interface.

Jon

well it seems it is not necessary to use a secondary ip as you state, but that is how it was when i came here. the internet stopped working when i made the nat to x.y.z.65 because it was the route of last resort in the routing table and i also couldn't add it as a secondary ip, i just used another ip and it worked. i'll fix the static route if i have to use the 65 ip again.

in the end thank you very much for your help.

No problem. glad you got it working.

Just as a side note, when the IPs being used for NAT are from the same IP subnet as the outisde interface you should't need secondary IPs as you say.

But you must make sure proxy arp is enabled on the outside interface which it is by default and obviously is as your NAT is working.

Just thought I'd mention it as I have seen some people turn it off and NAT stopped working.

Jon

well thanks for mentioning that, i did not know that.