03-23-2010 02:02 PM
I am trying to get our mail server to talk through two different NAT addresses.
One is to a public IP that works and has been in place.
We've recently partnered with another company and we need to send email to their domain through a VPN.
The VPN is operational.
Our Firewall is an ASA 5520 and it act as both the firewall and the VPN.
What is happening is servers, such as our mail server that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.
Solved! Go to Solution.
03-23-2010 02:47 PM
westcare wrote:
I am trying to get our mail server to talk through two different NAT addresses.
One is to a public IP that works and has been in place.
We've recently partnered with another company and we need to send email to their domain through a VPN.
The VPN is operational.
Our Firewall is an ASA 5520 and it act as both the firewall and the VPN.
What is happening is servers, such as our mail server that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.
Assuming remote VPN network is 172.16.5.0/24 and your mail server is 192.168.5.10 try this
access-list pnat permit ip host 192.168.5.10 172.16.5.0 255.255.255.0
static (inside,outside)
Jon
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
03-23-2010 02:47 PM
westcare wrote:
I am trying to get our mail server to talk through two different NAT addresses.
One is to a public IP that works and has been in place.
We've recently partnered with another company and we need to send email to their domain through a VPN.
The VPN is operational.
Our Firewall is an ASA 5520 and it act as both the firewall and the VPN.
What is happening is servers, such as our mail server that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.
Assuming remote VPN network is 172.16.5.0/24 and your mail server is 192.168.5.10 try this
access-list pnat permit ip host 192.168.5.10 172.16.5.0 255.255.255.0
static (inside,outside)
Jon
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
03-25-2010 07:44 AM
Thanks for the reply this works.
I also had to remove the 1st NAT for the public IP and put it back in, so the VPN NAT would be higher list.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: