I have a mail server internal to my network. The config below allows mail from the outside world to reach my mail server on 21, but when my server sends mail the destination mail server receives the mail from 20. The packets seem to be NATed by the rule that NATs the network and not the static NAT rule on the outbound traffic. Is there a way to have the outbound traffic from my mail server to be NATed to 21?
ip nat pool ovrld x.x.x.20 x.x.x.20 prefix-length x
ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.0.0.10 25 x.x.x.21 25 route-map SDM_RMAP_8 extendable
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
access-list 109 permit ip host 10.0.0.10 any
route-map SDM_RMAP_2 permit 1
match ip address 102
route-map SDM_RMAP_8 permit 1
match ip address 108
At least it has excluded it from the general network NAT. Now we can concentrate on why the static NAT does not work.
The problem may be because the static NAT entry. The problem may be that you have specified the port. As it is a source NAT, it is expecting the source port to be 25. I'm not 100% sure, but I think SMTP connections may be from a dynamic port, to port 25.
I suggest you try removing the port 25 part of the static NAT. That at least will tell you if the staic NAT can be made to work. Then put the port 25 as the destination in the NAT filter ... access-list 109.
While you are about it, you could modify your exclusion clause so that only traffic destined for port 25 is excluded. That way your mail server could use the general network NAT for non-SMTP traffic.
So, let's see, that makes something like:
</p><p>ip nat pool ovrld x.x.x.20 x.x.x.20 prefix-length x </p><p>ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/1 overload </p><p>ip nat inside source static 10.0.0.10 x.x.x.21 route-map SDM_RMAP_8 extendable </p><p></p><p>access-list 102 deny tcp host 10.0.0.10 any eq 25</p><p>access-list 102 deny tcp host 10.0.0.10 eq 25 any</p><p>access-list 102 permit ip 10.0.0.0 0.0.0.255 any </p><p></p><p>access-list 108 permit tcp host 10.0.0.10 any eq 25 </p><p>access-list 108 permit tcp host 10.0.0.10 eq 25 any </p><p></p><p>route-map SDM_RMAP_2 permit 1 </p><p>match ip address 102 </p><p>! </p><p>route-map SDM_RMAP_8 permit 1 </p><p>match ip address 108 </p><p>