NAT different for outgoing mail

Unanswered Question
Mar 31st, 2008

I currently am NAT'ing all RFC-1918 addresses out the firewall to the Internet. However, I want outgoing mail to appear to originate from a different IP.

So, 10.0.0.1 NATs out as 1.1.1.50

10.0.0.2 (a mail server) should browse Internet appearing to be 1.1.1.50

10.0.0.2 should connect to remote tcp/25 appearing to be from 1.1.1.75

Any way to accomplish this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
i-kendall Tue, 04/01/2008 - 03:38

I am sure it can be done. If you create an access list for the e-mail traffic, and a separate one for other traffic, and apply each to a different nat statement. The syntax for the nat is a bit different for a router or PIX/ASA,you don't say which you have, but is broadly the same technique.

Hope this helps.

Regards,

Iain

abinjola Tue, 04/01/2008 - 13:04

nat (inside) 1 10.0.0.1

global (outside) 1 1.1.50

access-l abc permit ip host 10.0.0.2 any

nat (inside) 10 access-l abc

global (outside) 10 1.1.1.50

access-l def permit tcp host 10.0.0.2 any eq 25

nat (inside) 20 access-l def

global (outside) 20 1.1.1.75

Actions

This Discussion