03-31-2008 04:12 PM - edited 03-11-2019 05:25 AM
I currently am NAT'ing all RFC-1918 addresses out the firewall to the Internet. However, I want outgoing mail to appear to originate from a different IP.
So, 10.0.0.1 NATs out as 1.1.1.50
10.0.0.2 (a mail server) should browse Internet appearing to be 1.1.1.50
10.0.0.2 should connect to remote tcp/25 appearing to be from 1.1.1.75
Any way to accomplish this?
04-01-2008 03:38 AM
I am sure it can be done. If you create an access list for the e-mail traffic and a separate one for other traffic, you can apply each to a different nat statement. The syntax for the nat is a bit different for a router or PIX/ASA (you don't say which you have), but it is broadly the same technique.
Hope this helps.
Regards,
Iain
04-01-2008 07:35 AM
Sorry, the system is an ASA 5500.
04-01-2008 01:04 PM
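! 10.0.0.1 leaves as 1.1.1.50
nat (inside) 1 10.0.0.1
global (outside) 1 1.1.1.50
! General traffic from the mail server (10.0.0.2) leaves as 1.1.1.50
access-list abc permit ip host 10.0.0.2 any
nat (inside) 10 access-list abc
global (outside) 10 1.1.1.50
! Outgoing SMTP (tcp/25) from the mail server leaves as 1.1.1.75
access-list def permit tcp host 10.0.0.2 any eq 25
nat (inside) 20 access-list def
global (outside) 20 1.1.1.75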