cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
916
Views
0
Helpful
5
Replies

Having incoming and outgoing mail use the same public IP address

boucco001
Level 1
Level 1

HI Guys,

I have a little problem that I am failing to resolve. We a mail relay server with two interfaces connected to the same network in between to firewall. The problem I have is that emails coming from the Internet (81.165.24.244) are translated to an internet IP address (10.0.0.3) witch is the IP address of one of the interfaces on the mail relay.

E-mails going to the Internet are from the mail relay interface (10.0.1.9) with is translated to an IP address 81.165.24.242. How can I configure the PIX to translate the 10.0.1.9 to 81.165.24.244 while I have 81.165.24.244 already static translated to 10.0.0.3?

5 Replies 5

hsajwan
Level 1
Level 1

Try this..

nat (inside) 101 10.0.1.9 255.255.255.255

global (outside) 101 81.165.24.244

clear xlate

Hi .. what you suggest might work, however it is not recommended because you are using the same IP address for PAT and also static NAT. but again it might work.

jeremyault
Level 1
Level 1

One static nat coming in (which you say you already have) - and one static nat going out.

static (outside,inside) 10.0.0.3 81.165.24.244 netmask 255.255.255.255 0 0

static (inside,outside) 81.165.24.244 10.0.1.9 netmask 255.255.255.255 0 0

In the above, I'm assuming the mail server is off the "inside" interface. If not, just change inside to whatever it actually is.

You'll need an ACL to let email traffic in. Hopefully I didn't mess this up.

access-list 101 permit ip any host 81.165.24.244 eq smtp

access-group 101 in interface outside

OOPS wait - correction. my bad!

The acutal format is -- static ("to interface","from interface") "from address" "to address"

Therefore, the static NAT for traffic from internet to mail server will be:

static (inside,outside) 81.165.24.244 10.0.0.3

And the static NAT for the traffic from the mail server to the internet will be:

static (outside,inside) 10.0.1.9 81.165.24.244

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: