Having incoming and outgoing mail use the same public IP address

Unanswered Question
Aug 22nd, 2007

HI Guys,

I have a little problem that I am failing to resolve. We a mail relay server with two interfaces connected to the same network in between to firewall. The problem I have is that emails coming from the Internet (81.165.24.244) are translated to an internet IP address (10.0.0.3) witch is the IP address of one of the interfaces on the mail relay.

E-mails going to the Internet are from the mail relay interface (10.0.1.9) with is translated to an IP address 81.165.24.242. How can I configure the PIX to translate the 10.0.1.9 to 81.165.24.244 while I have 81.165.24.244 already static translated to 10.0.0.3?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hsajwan Tue, 08/28/2007 - 13:16

Try this..

nat (inside) 101 10.0.1.9 255.255.255.255

global (outside) 101 81.165.24.244

clear xlate

Fernando_Meza Wed, 08/29/2007 - 19:05

Hi .. what you suggest might work, however it is not recommended because you are using the same IP address for PAT and also static NAT. but again it might work.

jeremyault Wed, 08/29/2007 - 16:34

One static nat coming in (which you say you already have) - and one static nat going out.

static (outside,inside) 10.0.0.3 81.165.24.244 netmask 255.255.255.255 0 0

static (inside,outside) 81.165.24.244 10.0.1.9 netmask 255.255.255.255 0 0

In the above, I'm assuming the mail server is off the "inside" interface. If not, just change inside to whatever it actually is.

You'll need an ACL to let email traffic in. Hopefully I didn't mess this up.

access-list 101 permit ip any host 81.165.24.244 eq smtp

access-group 101 in interface outside

jeremyault Sun, 09/02/2007 - 14:12

OOPS wait - correction. my bad!

The acutal format is -- static ("to interface","from interface") "from address" "to address"

Therefore, the static NAT for traffic from internet to mail server will be:

static (inside,outside) 81.165.24.244 10.0.0.3

And the static NAT for the traffic from the mail server to the internet will be:

static (outside,inside) 10.0.1.9 81.165.24.244

Actions

This Discussion