09-08-2007 01:12 PM - edited 03-11-2019 04:08 AM
I have two external public IPs that used to be mapped one-to-one to two internal private IPs. Now, I want to get rid of one of my internal servers but I want to continue to use my two public IPs but both going to the same server.
Can I do something like this:
static (outside,inside) xxx.xxx.xxx.xxx 25 192.168.7.7 25
static (outside,inside) yyy.yyy.yyy.yyy 110 192.168.7.7 110
So incoming SMTP traffic to the "x" public IP goes to the same server as POP3 traffic does when it is sent to the "y" IP.
Also, since the SMTP server is also going to be sending out email, will I need another "static (inside,outside)" translation for outgoing traffic too or will the previous translation do the outgoing traffic also?
For example, do I need a:
static (inside,outside) 192.168.7.7 25 xxx.xxx.xxx.xxx 25
(or have I got my IPs reversed?)
09-09-2007 04:18 AM
Yes, you can
static (outside,inside) tcp xxx.xxx.xxx.xxx 25 192.168.7.7 25
static (outside,inside) tcp yyy.yyy.yyy.yyy 110 192.168.7.7 110
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043281
09-10-2007 05:15 AM
Do you know if I have to put in a new separate "static (inside,outside)" entry to make sure outgoing email port 25 SMTP traffic appears to come from the "xxx.xxx.xxx.xxx" address, or is that taken care of already by the "static (outside,inside)" line?
The outgoing email will be traffic initiated by the server, not part of any existing connection that may be incoming and already in the NAT table.
09-10-2007 05:39 AM
oops... sorry
must be
static (inside,outside) tcp xxx.xxx.xxx.xxx 25 192.168.7.7 25
static (inside,outside) tcp yyy.yyy.yyy.yyy 110 192.168.7.7 110
access-list OUTSIDE-IN permit tcp any host yyy.yyy.yyy.yyy eq 110
access-list OUTSIDE-IN permit tcp any host xxx.xxx.xxx.xxx eq 25
access-group OUTSIDE-IN in int outside
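An added example, not part of any post in this thread: a Python check that each static PAT entry uses the (inside,outside) interface pair from the corrected reply and that the ACL bound inbound on the outside interface permits exactly the published host/port pairs. It assumes the argument order static (real_if,mapped_if) tcp mapped_ip mapped_port real_ip real_port; the function names, the 203.0.113.x addresses and the sample configs are constructed.

```python
import re

# Assumed order: static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port
STATIC_RE = re.compile(r"static\s+\((\w+),\s*(\w+)\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
ACL_RE = re.compile(r"access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+any\s+host\s+(\S+)\s+eq\s+(\S+)")
GROUP_RE = re.compile(r"access-group\s+(\S+)\s+in\s+int\w*\s+(\S+)")
PORT_NAMES = {"smtp": "25", "pop3": "110"}  # named ports as they can appear in a saved config

def port(p):
    return PORT_NAMES.get(p.lower(), p)

def audit(config, inside="inside", outside="outside"):
    """Return findings for static PAT entries and the ACL entries that expose them."""
    published, permits, bound, findings = set(), {}, set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            real_if, mapped_if, proto, m_ip, m_port, _r_ip, _r_port = m.groups()
            if (real_if, mapped_if) != (inside, outside):
                findings.append(f"interface pair ({real_if},{mapped_if}) is not ({inside},{outside}): {line}")
            else:
                published.add((proto, m_ip, port(m_port)))
        elif m := ACL_RE.match(line):
            name, proto, ip, p = m.groups()
            permits.setdefault(name, set()).add((proto, ip, port(p)))
        elif (m := GROUP_RE.match(line)) and m.group(2) == outside:
            bound.add(m.group(1))  # only ACLs applied inbound on the outside interface count
    allowed = set().union(*(permits.get(n, set()) for n in bound))
    for entry in sorted(published - allowed):
        findings.append(f"published but not permitted inbound on {outside}: {entry}")
    for entry in sorted(allowed - published):
        findings.append(f"permitted inbound but no static PAT: {entry}")
    return findings

# Constructed sample configs; 203.0.113.x stands in for the thread's masked public IPs.
CORRECTED = """
static (inside,outside) tcp 203.0.113.10 25 192.168.7.7 25
static (inside,outside) tcp 203.0.113.11 110 192.168.7.7 110
access-list OUTSIDE-IN permit tcp any host 203.0.113.11 eq pop3
access-list OUTSIDE-IN permit tcp any host 203.0.113.10 eq smtp
access-group OUTSIDE-IN in int outside
"""
FIRST_REPLY = """
static (outside,inside) tcp 203.0.113.10 25 192.168.7.7 25
static (outside,inside) tcp 203.0.113.11 110 192.168.7.7 110
"""
if __name__ == "__main__":
    print(audit(CORRECTED), audit(FIRST_REPLY), sep="\n")
```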