cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
535
Views
0
Helpful
8
Replies

Force route

fundataca
Level 1
Level 1

We have a pix 501. I have a primary Ip on the outside interface of 68.x.x.21

I have a secondary IPaddress of 68.x.x.17 that handles incoming mail request. Tne problem is when I send mail through this pix the ip address shows up as 68.x.x.21 and not 68.x.x.17. I need the mail server to use the 17 address to send mail. I know the easy answer is to change the primary ip to the .17 but then I have to deal with external ftp servers we attach to that are setup to allow our ip address of .21

So wehat I need to do is force the mail server in my lan to send useing .17 instead of .21

Thanks

8 Replies 8

Jon Marshall
Hall of Fame
Hall of Fame

Hi

if you use the following statement

static (inside,outside) 68.x.x.17 "internal mail server ip" netmask 255.255.255.255

you don't need to worry about secondary addresses.

Jon

Hi Jon

The static is already in there. In bound work fine but on outbound My mail still looks like it comes from the 21 address and not the 17. Is there a acl I need to put in.

Thanks

Stephen

Stephen

Shouldn't have to.

Can you post the NAT config from your firewall (santised)

Jon

Hi Jon

Is this what you need. New at this so please bear with me.

Stephen

Hi Jon

The static is already in there. In bound work fine but on outbound My mail still looks like it comes from the 21 address and not the 17. Is there a acl I need to put in.

Thanks

Stephen

Since you configured the NAT statement, have you do a clear xlate or reboot the pix?

static has Always been there. Reboots a plenty since setup of static. Still no joy

Stephen

Can you post full config + an output of

"sh xlate"

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: