1 to 2 NAT

westcare
Level 1

I am trying to get our mail server to talk through two different NAT addresses.

One is to a public IP that works and has been in place.

We've recently partnered with another company and we need to send email to their domain through a VPN.

The VPN is operational.

Our firewall is an ASA 5520 and it acts as both the firewall and the VPN.

What is happening is that servers, such as our mail server, that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.

Accepted Solutions

Jon Marshall
Hall of Fame

westcare wrote:

I am trying to get our mail server to talk through two different NAT addresses.

One is to a public IP that works and has been in place.

We've recently partnered with another company and we need to send email to their domain through a VPN.

The VPN is operational.

Our firewall is an ASA 5520 and it acts as both the firewall and the VPN.

What is happening is that servers, such as our mail server, that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.

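Assuming the remote VPN network is 172.16.5.0/24 and your mail server is 192.168.5.10, try this:

access-list pnat permit ip host 192.168.5.10 172.16.5.0 255.255.255.0

! <vpn-nat-ip> is a placeholder for the address the mail server is translated to across the VPN
static (inside,outside) <vpn-nat-ip> access-list pnat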

Jon

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

2 Replies

Thanks for the reply, this works.

I also had to remove the 1st NAT for the public IP and put it back in, so the VPN NAT would be higher in the list.
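
Added example, not part of the original thread: the reordering described in the reply above, written out as pre-8.3 ASA configuration. The public address 203.0.113.10 and the VPN-side mapped address 10.99.5.10 are constructed values; substitute the real ones.

```cisco
! Before: the regular static was entered first, so traffic from
! 192.168.5.10 to 172.16.5.0/24 is translated to the public address
! and never reaches the policy static below it.
static (inside,outside) 203.0.113.10 192.168.5.10 netmask 255.255.255.255
access-list pnat permit ip host 192.168.5.10 172.16.5.0 255.255.255.0
static (inside,outside) 10.99.5.10 access-list pnat

! Reorder: remove the regular static, clear the stale translation,
! then re-enter the regular static so it lands after the policy static.
no static (inside,outside) 203.0.113.10 192.168.5.10 netmask 255.255.255.255
clear xlate local 192.168.5.10
static (inside,outside) 203.0.113.10 192.168.5.10 netmask 255.255.255.255

! After: the policy static is listed first and catches VPN-bound
! traffic; everything else from the host falls through to the public static.
access-list pnat permit ip host 192.168.5.10 172.16.5.0 255.255.255.0
static (inside,outside) 10.99.5.10 access-list pnat
static (inside,outside) 203.0.113.10 192.168.5.10 netmask 255.255.255.255

! Check the resulting order and the translation a VPN-bound flow hits
! (172.16.5.25 is a constructed partner host).
show running-config static
packet-tracer input inside tcp 192.168.5.10 1025 172.16.5.25 25
```

Because translation happens before the tunnel's interesting-traffic match, the crypto ACL for the partner VPN has to reference the mapped address (10.99.5.10 here) rather than 192.168.5.10.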
