NAT design help for 515E

Unanswered Question
Feb 17th, 2010

We have a PIX515E on software 8.0(4).  We are in the process of upgrading our mail gateway and I need to modify our NAT statement to facilitate traffic.  Here is the scenario:  The mail gateway has an inbound and outbound interface on the same private subnet.  Incoming mail-flow will translate from <public address A>:25 to <incoming gateway interface 1>:25.  Outgoing mail-flow will translate from <outgoing gateway interface 2>:25 to <public address A>:25.   Is it possible to create a Dynamic Policy NAT rule to establish communication?  Thanks.

Federico Coto F... Wed, 02/17/2010 - 10:39

Hi,

Since this is a server, I will recommend a STATIC NAT instead of dynamic NAT.

Will this work for you?

Federico.

RegionDist19 Wed, 02/17/2010 - 10:48

A static NAT using PAT was my original approach.  I could set this up easily for incoming mail.  The problem is dealing with the outgoing interface on the mail gateway.  This interface has a different private IP, but is also using port 25.  I am not sure how the PIX would translate outgoing mail (from this second interface) on the same public IP (as incoming).

Jon Marshall Wed, 02/17/2010 - 10:53

RegionDist19 wrote:

A static NAT using PAT was my original approach.  I could set this up easily for incoming mail.  The problem is dealing with the outgoing interface on the mail gateway.  This interface has a different private IP, but is also using port 25.  I am not sure how the PIX would translate outgoing mail (from this second interface) on the same public IP (as incoming).

You can't map the same public IP on the same port to 2 different private IPs on the same port because the PIX will have no way of knowing which IP to send the traffic to on an incoming connection from the Internet.

It just can't be done that way.

Jon
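
The ambiguity described in the reply above, as an added example that is not part of the thread: a Python check that parses PIX-style `static (inside,outside) tcp ...` port-redirection lines and reports any public IP and port claimed for more than one private host. The sample config, its addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config; addresses are documentation ranges, not from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 203.0.113.10 smtp 10.0.0.11 smtp netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 smtp 10.0.0.12 smtp netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 https 10.0.0.20 https netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.11 25 10.0.0.30 25 netmask 255.255.255.255
"""

# A few service names the CLI shows in place of port numbers.
PORT_NAMES = {"smtp": 25, "www": 80, "https": 443, "domain": 53}

STATIC_PAT = re.compile(
    r"^static \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_ip>\S+) (?P<mapped_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+)"
)

def port_number(token):
    """Normalise 'smtp' and '25' to the same value; keep unknown names as-is."""
    return PORT_NAMES.get(token, int(token) if token.isdigit() else token)

def find_pat_conflicts(config_text):
    """Return {(mapped_if, proto, mapped_ip, mapped_port): [real targets]} for
    every mapped socket that is claimed by more than one distinct real host."""
    targets = defaultdict(list)
    for line in config_text.splitlines():
        m = STATIC_PAT.match(line.strip())
        if not m:
            continue  # not a static PAT line (plain static NAT, nat/global, etc.)
        key = (m["mapped_if"], m["proto"], m["mapped_ip"], port_number(m["mapped_port"]))
        real = (m["real_ip"], port_number(m["real_port"]))
        if real not in targets[key]:
            targets[key].append(real)
    return {k: v for k, v in targets.items() if len(v) > 1}

if __name__ == "__main__":
    for key, reals in find_pat_conflicts(SAMPLE_CONFIG).items():
        print("ambiguous inbound mapping", key, "->", reals)
```
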
