08-22-2007 01:15 AM - edited 03-11-2019 04:00 AM
HI Guys,
I have a little problem that I am failing to resolve. We a mail relay server with two interfaces connected to the same network in between to firewall. The problem I have is that emails coming from the Internet (81.165.24.244) are translated to an internet IP address (10.0.0.3) witch is the IP address of one of the interfaces on the mail relay.
E-mails going to the Internet are from the mail relay interface (10.0.1.9) with is translated to an IP address 81.165.24.242. How can I configure the PIX to translate the 10.0.1.9 to 81.165.24.244 while I have 81.165.24.244 already static translated to 10.0.0.3?
08-28-2007 01:09 PM
08-28-2007 01:16 PM
Try this..
nat (inside) 101 10.0.1.9 255.255.255.255
global (outside) 101 81.165.24.244
clear xlate
08-29-2007 07:05 PM
Hi .. what you suggest might work, however it is not recommended because you are using the same IP address for PAT and also static NAT. but again it might work.
08-29-2007 04:34 PM
One static nat coming in (which you say you already have) - and one static nat going out.
static (outside,inside) 10.0.0.3 81.165.24.244 netmask 255.255.255.255 0 0
static (inside,outside) 81.165.24.244 10.0.1.9 netmask 255.255.255.255 0 0
In the above, I'm assuming the mail server is off the "inside" interface. If not, just change inside to whatever it actually is.
You'll need an ACL to let email traffic in. Hopefully I didn't mess this up.
access-list 101 permit ip any host 81.165.24.244 eq smtp
access-group 101 in interface outside
09-02-2007 02:12 PM
OOPS wait - correction. my bad!
The acutal format is -- static ("to interface","from interface") "from address" "to address"
Therefore, the static NAT for traffic from internet to mail server will be:
static (inside,outside) 81.165.24.244 10.0.0.3
And the static NAT for the traffic from the mail server to the internet will be:
static (outside,inside) 10.0.1.9 81.165.24.244
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: