1 to 2 NAT

Answered Question
Mar 23rd, 2010

I am trying to get our mail server to talk through two different NAT addresses.

One is to a public IP that works and has been in place.

We've recently partnered with another company and we need to send email to their domain through a VPN.

The VPN is operational.

Our Firewall is an ASA 5520 and it acts as both the firewall and the VPN.

What is happening is servers, such as our mail server, that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.

Correct Answer
Jon Marshall Tue, 03/23/2010 - 14:47

westcare wrote:

I am trying to get our mail server to talk through two different NAT addresses.

One is to a public IP that works and has been in place.

We've recently partnered with another company and we need to send email to their domain through a VPN.

The VPN is operational.

Our Firewall is an ASA 5520 and it acts as both the firewall and the VPN.

What is happening is servers, such as our mail server, that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.

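Assuming the remote VPN network is 172.16.5.0/24 and your mail server is 192.168.5.10, try this:

access-list pnat permit ip host 192.168.5.10 172.16.5.0 255.255.255.0

! <mapped_ip> is a placeholder for the VPN-side translated address, which the post does not give
static (inside,outside) <mapped_ip> access-list pnat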

Jon


westcare Thu, 03/25/2010 - 07:44

Thanks for the reply, this works.

I also had to remove the 1st NAT for the public IP and put it back in, so the VPN NAT would be higher in the list.
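
The rule-order effect described in the answer and the follow-up reply, as an added example that is not part of the original thread: a simplified Python model of in-order, first-match static NAT in pre-8.3 ASA syntax, plus a check that flags a policy static hidden behind an earlier regular static. The mapped addresses 203.0.113.10 and 10.99.5.10, the sample config and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample, pre-8.3 ASA syntax. The mapped addresses 203.0.113.10
# (public) and 10.99.5.10 (VPN side) are assumptions, not from the thread.
BROKEN = """\
access-list pnat extended permit ip host 192.168.5.10 172.16.5.0 255.255.255.0
static (inside,outside) 203.0.113.10 192.168.5.10 netmask 255.255.255.255
static (inside,outside) 10.99.5.10 access-list pnat
"""
# Same lines after the public static is removed and re-added (it moves last).
FIXED = "\n".join(BROKEN.splitlines()[i] for i in (0, 2, 1))

ACL = re.compile(r"access-list (\S+) (?:extended )?permit ip host (\S+) (\S+) (\S+)$")
POLICY = re.compile(r"static \(\S+\) (\S+) access-list (\S+)$")
REGULAR = re.compile(r"static \(\S+\) (\S+) (\S+) netmask 255\.255\.255\.255$")

def parse(config):
    """Static rules in config order as (real_ip, dest_net or None, mapped_ip)."""
    lines = [line.strip() for line in config.splitlines()]
    acls, rules = {}, []
    for line in lines:  # ACLs first: a static may reference one defined anywhere
        if m := ACL.match(line):
            name, src, net, mask = m.groups()
            acls[name] = (src, ipaddress.ip_network(f"{net}/{mask}"))
    for line in lines:
        if m := POLICY.match(line):
            rules.append((*acls[m.group(2)], m.group(1)))
        elif m := REGULAR.match(line):
            rules.append((m.group(2), None, m.group(1)))
    return rules

def translate(config, src, dst):
    """Mapped address for a flow: the first static that matches wins."""
    for real, dest, mapped in parse(config):
        if src == real and (dest is None or ipaddress.ip_address(dst) in dest):
            return mapped
    return None  # no static applies

def shadowed(config):
    """Mapped addresses of policy statics hidden by an earlier regular static."""
    seen, hidden = set(), []
    for real, dest, mapped in parse(config):
        if dest is None:
            seen.add(real)
        elif real in seen:
            hidden.append(mapped)
    return hidden
```

On the firewall, `show running-config static` lists the static entries in configuration order, which is the input this check expects.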
