03-31-2008 04:12 PM - edited 03-11-2019 05:25 AM
I currently am NAT'ing all RFC-1918 addresses out the firewall to the Internet. However, I want outgoing mail to appear to originate from a different IP.
So, 10.0.0.1 NATs out as 1.1.1.50
10.0.0.2 (a mail server) should browse the Internet appearing to be 1.1.1.50
10.0.0.2 should connect to remote tcp/25 appearing to be from 1.1.1.75
Any way to accomplish this?
04-01-2008 03:38 AM
I am sure it can be done if you create an access list for the e-mail traffic and a separate one for other traffic, and apply each to a different nat statement. The syntax for the nat is a bit different for a router or PIX/ASA (you don't say which you have), but it is broadly the same technique.
Hope this helps.
Regards,
Iain
04-01-2008 07:35 AM
Sorry, the system is an ASA 5500.
04-01-2008 01:04 PM
nat (inside) 1 10.0.0.1
global (outside) 1 1.1.1.50
access-list abc permit ip host 10.0.0.2 any
nat (inside) 10 access-list abc
global (outside) 10 1.1.1.50
access-list def permit tcp host 10.0.0.2 any eq 25
nat (inside) 20 access-list def
global (outside) 20 1.1.1.75
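Added example, not from any poster in this thread: a small Python model of how the two overlapping ACLs (abc and def) select a translated address for each flow. It assumes policy NAT rules are evaluated first-match in the listed order; the Rule/Flow names and the orderings compared are hypothetical, and the addresses are the ones used in the thread.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str              # label for the ACL / nat pair
    src: str               # source network matched by the ACL
    proto: str             # "ip" matches any protocol
    dport: Optional[int]   # None matches any destination port
    mapped: str            # address from the paired global statement

class Flow(NamedTuple):
    src: str
    proto: str
    dport: int

def matches(rule: Rule, flow: Flow) -> bool:
    return (ip_address(flow.src) in ip_network(rule.src)
            and rule.proto in ("ip", flow.proto)
            and rule.dport in (None, flow.dport))

def translate(rules, flow):
    """Return (rule name, mapped address) for the first rule that matches."""
    for rule in rules:
        if matches(rule, flow):
            return rule.name, rule.mapped
    return None, None

ABC = Rule("abc", "10.0.0.2/32", "ip", None, "1.1.1.50")
DEF = Rule("def", "10.0.0.2/32", "tcp", 25, "1.1.1.75")
NAT1 = Rule("nat1", "10.0.0.1/32", "ip", None, "1.1.1.50")

# Assumption: evaluation order equals list order (first match wins).
BROAD_FIRST = [ABC, DEF, NAT1]   # broad "ip any" ACL ahead of the SMTP ACL
SMTP_FIRST = [DEF, ABC, NAT1]    # specific SMTP ACL ahead of the broad ACL

# Constructed sample flows
FLOWS = {
    "mail server web": Flow("10.0.0.2", "tcp", 80),
    "mail server smtp": Flow("10.0.0.2", "tcp", 25),
    "other host web": Flow("10.0.0.1", "tcp", 80),
}

def report(rules):
    """Map each sample flow label to the address it would be translated to."""
    return {label: translate(rules, f)[1] for label, f in FLOWS.items()}

if __name__ == "__main__":
    for title, rules in (("broad first", BROAD_FIRST), ("smtp first", SMTP_FIRST)):
        print(title, report(rules))
```

Under that first-match assumption, the tcp/25 rule only takes effect when it is evaluated before the broader rule for the same host; on the ASA itself, confirm the result by checking the active translations for an outbound SMTP connection.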