ASA and mail server

Unanswered Question
Apr 10th, 2007


I have an ASA 5520 as the gateway firewall with the public address of

I do a static NAT to a GroupWise mail server with the public address of

Using the following statement: static (DIA_INSIDE,DIA_OUTSIDE) Groupwise_Pub Groupwise netmask Everything works just fine with this configuration.

I recently purchased a spam firewall for inbound mail filtering. It has the private address of Spamfilter. I use the following port forwarding statement to pass inbound mail through the spam filter.

static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub smtp Spamfilter smtp netmask

And this following to allow web access to the real mail server.

static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub https Groupwise https netmask

All inbound still works just fine. However, the outbound mail now has the source address of rather that which it should be. There is no PTR record for so most mail providers rejects my mail.

The question is: What are the ramifications of changing the physical address of the DIA_OUTSIDE interface from to and then port forward as needed as this would place the address in the mail headers as the source address and resolve the PTR record problem.


Glenn Anderson

[email protected]

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion