I have two Cisco ASA layers, and my Exchange server is inside the network of Layer 2, which means the traffic will pass through the two ASA layers to reach the server. The first layer has public IP addresses, between the two ASAs is a private subnet (172.20.20.0), and my inside network on the internal firewall is 10.0.0.0.
My question: how can I publish the email server to the Internet and pass the two security layers? Can I do NAT from 10.0.0.0 to 172.20.20.0 on the SMTP port on the internal firewall and then do NAT from 172.20.20.0 to my public IP address (MX record) on the first ASA?
Please correct me or provide a better solution, and answer me with configuration lines.
According to the drawing I see two ASAs...
The Perimeter ASA (closest to the Internet)
The Internal ASA (closest to the Exchange)
The Internal ASA sees the Exchange as 10.0.0.11?
Is there another device doing NAT between the Exchange and the Internal ASA?
Also, currently you're doing NAT on both ASAs?
I meant you can enable NAT only on the Perimeter ASA...
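A sketch of the NAT-only-on-the-perimeter approach from the last reply, added here as an example and not posted by either participant. It assumes ASA 8.3 or later object NAT syntax, interface names `outside` and `inside` on both firewalls, /24 masks, 172.20.20.1 and 172.20.20.2 as the perimeter and internal ASA addresses on the transit subnet, and 203.0.113.10 as a placeholder for the public MX address; only 10.0.0.11 and the two subnets come from the thread.

```cisco
! ===== Perimeter ASA (closest to the Internet) =====
! Assumed: outside = Internet, inside = 172.20.20.0/24 transit subnet.

! The perimeter ASA must know how to reach the Exchange subnet
! through the internal ASA (172.20.20.2 is an assumed address).
route inside 10.0.0.0 255.255.255.0 172.20.20.2

! Static port translation: public MX address (placeholder) tcp/25
! to the real Exchange address, SMTP only.
object network EXCHANGE-SMTP
 host 10.0.0.11
 nat (inside,outside) static 203.0.113.10 service tcp smtp smtp

! On 8.3+ the ACL references the real (untranslated) address.
access-list OUTSIDE_IN extended permit tcp any object EXCHANGE-SMTP eq smtp
access-group OUTSIDE_IN in interface outside

! ===== Internal ASA (closest to the Exchange) =====
! Assumed: outside = 172.20.20.0/24 transit subnet, inside = 10.0.0.0/24.
! No translation for this flow: the packet already arrives addressed
! to 10.0.0.11, so the internal ASA only routes and filters it.

! Default route back toward the perimeter ASA (assumed 172.20.20.1).
route outside 0.0.0.0 0.0.0.0 172.20.20.1

object network EXCHANGE
 host 10.0.0.11

! Second filtering layer: allow only SMTP to the Exchange host.
access-list TRANSIT_IN extended permit tcp any object EXCHANGE eq smtp
access-group TRANSIT_IN in interface outside

! ===== Verification (run on each ASA) =====
! show nat detail
! show access-list OUTSIDE_IN
! packet-tracer input outside tcp 198.51.100.5 12345 203.0.113.10 smtp
!   (perimeter ASA; 198.51.100.5 is a constructed source address)
! packet-tracer input outside tcp 198.51.100.5 12345 10.0.0.11 smtp
!   (internal ASA)
```

If the internal ASA already has a dynamic NAT or PAT rule that covers 10.0.0.11 for outbound traffic, that host needs an identity or exemption rule there, otherwise the inbound SMTP flow can be dropped by the NAT reverse-path check.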