My Cisco 8xx is able to NAT any SMTP traffic from the outside to the inside mailserver using the following command:
(config)# ip nat inside source static tcp 192.168.10.100 25 int Dialer1 25
Works just fine, but I would like to tune the NAT rule a bit. This rule allows any source to forward trough the router on port 25. The mail we receive comes from a front-end server from our ISP. The use a small WAN IP-range for there servers, for example 18.104.22.168 to 22.214.171.124. For security reasons it would be great when I'm able to fine-tune the static NAT rule so only traffic received from IP 77.88.99.x will be forwarded trough the router. Is that possible? Or do I need a firewall to set this up, an ASA for example?
We are using a Cisco 867 router for the job.