02-17-2010 10:24 AM - edited 03-11-2019 10:11 AM
We have a PIX515E on software 8.0(4). We are in the process of upgrading our mail gateway and I need to modify our NAT statement to facilitate traffic. Here is the scenario: The mail gateway has an inbound and outbound interface on the same private subnet. Incoming mail-flow will translate from <public address A>:25 to <incoming gateway interface 1>:25. Outgoing mail-flow will translate from <outgoing gateway interface 2>:25 to <public address A>:25. Is it possible to create a Dynamic Policy NAT rule to establish communication? Thanks.
02-17-2010 10:39 AM
Hi,
Since this is a server, I will recommend a STATIC NAT instead of dynamic NAT.
Will this work for you?
Federico.
02-17-2010 10:48 AM
A static NAT using PAT was my original approach. I could set this up easily for incoming mail. The problem is dealing with the outgoing interface on the mail gateway. This interface has a different private IP, but is also using port 25. I am not sure how the PIX would translate outgoing mail (from this second interface) on the same public IP (as incoming).
02-17-2010 10:53 AM
RegionDist19 wrote:
A static NAT using PAT was my original approach. I could set this up easily for incoming mail. The problem is dealing with the outgoing interface on the mail gateway. This interface has a different private IP, but is also using port 25. I am not sure how the PIX would translate outgoing mail (from this second interface) on the same public IP (as incoming).
You can't map the same public IP on the same port to 2 different private IPs on the same port because the PIX will have no way of knowing which IP to send the traffic to on an incoming connection from the Internet.
It just can't be done that way.
Jon
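The lookup conflict described in the last reply, as an added example that is not part of the thread and is not PIX code or configuration: a simplified Python model of port address translation. Going slightly beyond the thread, it also shows a second host sharing the public address for an outbound connection through a dynamically allocated source port. All addresses, the source port 40000 and the names `PatDevice` and `demo` are constructed for illustration.

```python
"""Simplified PAT model (constructed example, not PIX code or configuration)."""

PUBLIC_A = "203.0.113.10"   # constructed stand-in for <public address A>
GW_IN = "10.0.0.11"         # constructed stand-in for gateway interface 1
GW_OUT = "10.0.0.12"        # constructed stand-in for gateway interface 2


class PatDevice:
    def __init__(self, first_dynamic_port=1024):
        self.static = {}   # (public_ip, public_port) -> (private_ip, private_port)
        self.xlate = {}    # (public_ip, mapped_port) -> (private_ip, source_port)
        self.next_port = first_dynamic_port

    def add_static(self, public_ip, public_port, private_ip, private_port):
        """Static PAT: one public ip:port can point at exactly one private ip:port."""
        key = (public_ip, public_port)
        target = (private_ip, private_port)
        if key in self.static and self.static[key] != target:
            raise ValueError("%s:%d already maps to %s:%d" % (key + self.static[key]))
        self.static[key] = target

    def outbound(self, private_ip, source_port, public_ip):
        """Dynamic PAT: give the connection a mapped source port that is free."""
        while ((public_ip, self.next_port) in self.static
               or (public_ip, self.next_port) in self.xlate):
            self.next_port += 1
        mapped = (public_ip, self.next_port)
        self.xlate[mapped] = (private_ip, source_port)
        self.next_port += 1
        return mapped

    def inbound(self, public_ip, public_port):
        """Resolve an arriving packet's destination to a single private host."""
        key = (public_ip, public_port)
        return self.xlate.get(key) or self.static.get(key)


def demo():
    dev = PatDevice()
    dev.add_static(PUBLIC_A, 25, GW_IN, 25)          # inbound mail
    try:
        dev.add_static(PUBLIC_A, 25, GW_OUT, 25)     # second host, same public ip:port
        conflict = False
    except ValueError:
        conflict = True
    mapped = dev.outbound(GW_OUT, 40000, PUBLIC_A)   # assumed ephemeral source port
    return conflict, dev.inbound(PUBLIC_A, 25), mapped, dev.inbound(*mapped)


if __name__ == "__main__":
    print(demo())
```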