10-22-2008 04:33 AM - edited 03-11-2019 07:01 AM
Hello,
I'm trying to configure a asa 5510 to forward the smtp port to a host on my network. If the destination host is in the same subnet like the asa and the gateway of the host is the inside ip of the asa, all works fine. Now my question, is it posible to redirect the port to a host on an other subnet, where the destination host has not the asa as gateway? On my first try I got a SYN Timeout error. Is it true, that the tcp handshake only works if the destination host has the asa as gateway?
Thanks for your help!
10-22-2008 05:09 AM
It should work fine. Just make sure the ASA has a route to the other network.
10-22-2008 06:09 AM
the asa has a route to the other network. the trace route to the destination host is successful and the trace route from the destination host to the inside interface from the asa ist successful. but, i still get a SYN Timeout Error on the asa...
mike
10-22-2008 05:11 AM
Interesting issue - never really played around with this. However in theory - it should make no difference, as longs as the following are true:-
1) The ASA has a route for the remote IP subnet pointing to a next hop device, it's connected to; ideally a layer 3 router.
2) The remote IP subnet also can route back to the ASA, via a layer 3 router.
At the end of the day - it's down to routing IP properly in the network.
HTH>
10-23-2008 08:24 AM
This sounds like a route is missing. Likely missing on the subnet side. This is where I's look.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide