Outgoing SMTP from multiple servers through single public IP

TheKm · ‎01-30-2019

edited for max clarity

I have three internal mail servers at x.x.x.41-43, respectively, and I need all their outgoing port 25 traffic to leave my network at a specific public IP (x.x.x.112) other than the default IP on the physical interface it passes through. I know how to do 1:1, but not many:1.

The end goal is to have my mail filter, mimecast, see my outbound messages come through via that 112 IP, regardless of which mail server processes the message. Incoming hits that same IP, but it nats to a load balancer, which I can't use in the other direction, so I need a method to translate the traffic at the fw/router level.

Basically, I'm a sysadmin and don't do this kind of networking much, so I'm a bit out of my depth. What I really need is procedure, if anyone would be so kind as to write or paste it.

I'm running a 5508x, and have plenty of available IPs in that block if need be.

Richard Burts · ‎01-30-2019

The title of the post asks about multiple servers sending outbound traffic using port 25. That should be easy and straightforward. The most easy approach would be to build a translation rule for the entire subnet where the servers are. Another approach could be to define an object (or object-group) that defines the servers and then build a translation rule for that object.

HTH

Rick

HTH

Rick

TheKm · ‎01-30-2019

I updated the original for clarity, but, yes, I understand that I need to NAT this. The question is how. The group already exists.

Alan Ng'ethe · ‎01-30-2019

nat (inside,outside) source static smtp-servers 1.1.1.112 service smtp smtp

The network object 'smtp-servers' contains the ip addresses of the internal mail servers

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

Deepak Kumar · ‎01-30-2019

Hi,

I hope it will work. As I understand that you are looking that your SMTP server will send outgoing SMTP traffic from a specific public ip

hostname(config)# object network my-inside-net

hostname(config-network-object)# host 192.168.2.1

hostname(config-network-object)# nat (inside,outside) dynamic 1.1.1.112

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Richard Burts · ‎01-30-2019

There must be some aspect of this situation that I do not understand. It seems fairly simple to me. If there are servers in the network that need outbound traffic on port 25 then I would think a simple dynamic nat for those addresses should be sufficient. The example from Deepak seems appropriate. If the question were incoming traffic on port 25 then it becomes a bit more complicated and some static nat would be required (and more difficult if there are several servers receiving it). The original poster says the group already exists. I am not clear what group that is or why that complicates or prevents the dynamic nat.

HTH

Rick

HTH

Rick

TheKm · ‎01-30-2019

I re-re edited the original to be clearer.

Nothing's preventing the process (at least, that I know of). I'm just not particularly familiar (read: not at all familiar) with the implementation process. Appreciate the contribution and patience.

Richard Burts · ‎01-31-2019

The re-edited description is much better and does clarify the issue. I believe that the suggestion from Alan seems appropriate.

HTH

Rick

HTH

Rick