11-24-2010 06:38 PM - edited 03-04-2019 10:34 AM
I have the following problem. I have a nat pool and route map defined to NAT certain internal subnets to a specific WAN IP. Works fine. I then have a Static NAT entry for port 25 to our Exchange Server listening on another specific WAN IP. Works great INBOUND but OUTBOUND all connections from Exchange seem to go out matching the NAT POOL.
I've used a similar config before but not using NAT POOLS and it worked fine. What is the best way around this?
Goal: Server 10.1.11.2 outbound connections go out on 209.*.*.135
ip nat pool pri-servers-pool 209.*.*.131 209.*.*.131 netmask 255.255.255.240
ip nat inside source route-map outbound-pri-servers pool pri-servers-pool overload
ip nat inside source static tcp 10.1.11.2 25 209.*.*.135 25 extendable
access-list 2 permit 10.1.10.0 0.0.0.255
access-list 2 permit 10.1.11.0 0.0.0.255
route-map outbound-pri-servers permit 10
 match ip address 2
 match interface FastEthernet0
11-25-2010 01:35 AM
hello,
Can you post sh ip nat trans for 10.1.11.2?
thx
11-25-2010 01:56 AM
Hi,
ip nat pool pri-servers-pool 209.*.*.131 209.*.*.131 netmask 255.255.255.240
ip nat inside source route-map outbound-pri-servers pool pri-servers-pool overload
ip nat inside source static tcp 10.1.11.2 25 209.*.*.135 25 extendable
access-list 2 permit 10.1.10.0 0.0.0.255
access-list 2 permit 10.1.11.0 0.0.0.255
route-map outbound-pri-servers permit 10
 match ip address 2
 match interface FastEthernet0
If you want outbound traffic initiated by your server to use the *.135 address then:
1) in ACL 2:
ip access-list standard 2
 15 deny host 10.1.11.2
2) create a second pool for this server with another ACL permitting this host
Regards.
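The two steps suggested in the reply above, written out as one configuration. This is an added example, not part of the original thread; ACL number 3, the pool name exchange-pool and the route-map name outbound-exchange are assumed names, and the masked address octets are kept as posted.

```cisco
! Added example (not from the thread). Masked octets (209.*.*) are kept as posted.
! Assumed names: ACL 3, pool exchange-pool, route-map outbound-exchange.
!
! Why the original config behaves as described: the static tcp entry only
! translates sessions whose inside source port is 25. Connections the server
! opens itself use ephemeral source ports, so they fall through to the
! dynamic rule and leave on the shared pool address.
!
! Step 1: stop the shared pool from matching the Exchange server.
! With default numbering the existing ACL 2 entries are 10 and 20, so
! sequence 15 lands before the permit for 10.1.11.0/24.
ip access-list standard 2
 15 deny host 10.1.11.2
!
! Step 2: a dedicated ACL, pool and route-map for the server only.
access-list 3 permit host 10.1.11.2
ip nat pool exchange-pool 209.*.*.135 209.*.*.135 netmask 255.255.255.240
route-map outbound-exchange permit 10
 match ip address 3
 match interface FastEthernet0
ip nat inside source route-map outbound-exchange pool exchange-pool overload
!
! Unchanged: inbound SMTP still uses the static port entry.
ip nat inside source static tcp 10.1.11.2 25 209.*.*.135 25 extendable
!
! Check from exec mode, after clearing stale dynamic entries:
!   clear ip nat translation *
!   show ip nat translations | include 10.1.11.2
! Outbound sessions from 10.1.11.2 should now show 209.*.*.135 as inside global.
```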