NAT problem with 5505

Aug 17th, 2010

I have a 5505 running 8.3 and am using ASDM 6.3 to configure it. I have a dynamic PAT set up for the network I'm on and am trying to set up static bidirectional NAT for SMTP to a particular host. (I do have two external connections in this configuration.) Here are my current NAT commands:



!
object network Host-Dino
 nat (inside,cox) static Ext-mail service tcp smtp smtp
!
nat (any,any) after-auto source static any any destination static Ext-Web Host-Henry service http http description Address xlate for web server
nat (any,any) after-auto source static any any destination static Ext-WebAcccess Host-Bambam service https https description Address Xlate from external WebAccess address to Bambam
nat (inside,cox) after-auto source dynamic any interface description Outbound for normal networks
nat (inside,disc) after-auto source dynamic any interface description Outbound to DISC hosts
nat (DMZ,cox) after-auto source dynamic any interface description Outbound from DMZ to Cox
nat (DMZ,disc) after-auto source dynamic any interface description Outbound from DMZ to DISC


Dino sits on the inside interface of the ASA. However, when I send out mail, it goes out the interface IP and not the Ext-mail IP. Confusingly, if I take out the nat (inside,cox) command, it will pick up on the object NAT and work correctly. Also, the inbound SMTP connection works if the external host connects to the Ext-mail IP address. I thought from the docs that object NAT should take priority. What do I need to do to make this function correctly with the SMTP traffic going out a different IP address?


I tried to debug this with the packet trace function. When I use Dino's IP address, source port of 25 and destination port of 25, it translates the packet correctly.

--

Jon

Kureli Sankar Sat, 08/21/2010 - 15:03
User Badges:
  • Cisco Employee,

When Dino sends e-mail, it will not source from port 25. It will be a high port. That is why it looks like the interface when going out. I have discussed it here: http://www.youtube.com/watch?v=kRY8DuaRp5U


You need the following:


!
object network Host-Dino_outbound
 host x.x.x.x
 nat (inside,out) dynamic Ext-mail


-KS
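
A simplified model of the rule order discussed in this thread, added as an example and not part of either post or of ASA itself: it shows why a packet-tracer test with source port 25 hits the static object NAT while real outbound mail (ephemeral source port) falls through to the after-auto interface PAT, and how the extra dynamic object rule changes that. All addresses are constructed, and the reply's `(inside,out)` rule is assumed to apply on the cox interface.

```python
# Simplified model of ASA 8.3+ NAT rule order for outbound packets (inside -> cox).
# Not ASA code: only source translation and the section 2 / section 3 order are modeled.
# All addresses are constructed (RFC 1918 / RFC 5737 examples).
from dataclasses import dataclass
from typing import Optional

DINO = "192.168.1.10"       # Host-Dino real address (constructed)
EXT_MAIL = "203.0.113.25"   # Ext-mail mapped address (constructed)
COX_IF = "203.0.113.2"      # cox interface address (constructed)

@dataclass
class Rule:
    name: str
    section: int                     # 2 = object (auto) NAT, 3 = after-auto
    kind: str                        # "static" or "dynamic"
    real: Optional[str]              # real source host, None = any
    mapped: str                      # mapped source address
    real_port: Optional[int] = None  # "service tcp smtp smtp" pins the real source port

    def matches(self, src_ip: str, src_port: int) -> bool:
        if self.real is not None and self.real != src_ip:
            return False
        return self.real_port is None or self.real_port == src_port

def translate(rules, src_ip, src_port):
    """Return (rule name, mapped source IP) for the first matching rule."""
    # Section 2 before section 3; inside section 2, static before dynamic.
    ordered = sorted(rules, key=lambda r: (r.section, r.kind != "static"))
    for rule in ordered:
        if rule.matches(src_ip, src_port):
            return rule.name, rule.mapped
    return None, src_ip  # no rule matched: source left untranslated

ORIGINAL = [
    Rule("Host-Dino static smtp", 2, "static", DINO, EXT_MAIL, real_port=25),
    Rule("after-auto dynamic interface", 3, "dynamic", None, COX_IF),
]
# The reply's extra object, assumed here to be applied on the cox interface.
FIXED = ORIGINAL + [Rule("Host-Dino_outbound dynamic", 2, "dynamic", DINO, EXT_MAIL)]

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for sport in (25, 49152):  # packet-tracer test port vs. a real client port
            print(label, sport, translate(rules, DINO, sport))
```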
