Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5120
Views
0
Helpful
3
Replies

ASA 8.4 - Static NAT - Problem with outbound SMTP

Go to solution
clamasters
Level 1
Level 1

‎03-31-2011 09:10 AM - edited ‎03-11-2019 01:15 PM

Below is the interesting part of my config.  I have static NAT configured and working inbound for the Exchange Server and the Barracuda, however outbound traffic from those hosts comes out as the interface IP.  Thoughts?  I've tried a number of things (outside, inside), etc...  No luck.  Any help would be appreciated.

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network DSN-EXCH01

host 10.250.231.51

object network MAIL-IN

host 10.250.231.50

!

access-list outside_inside extended permit tcp any host 10.250.231.51 eq https

access-list outside_inside extended permit tcp any host 10.250.231.51 eq www

access-list outside_inside extended permit tcp any host 10.250.231.50 eq smtp

!

nat (inside,outside) source dynamic any interface

!

object network obj_any

nat (inside,outside) dynamic interface

object network DSN-EXCH01

nat (inside,outside) static xxx.xxx.xxx.25

object network MAIL-IN

nat (inside,outside) static xxx.xxx.xxx.26

!

access-group outside_inside in interface outside

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎03-31-2011 11:09 AM

Hi,

The issue here is with the order of NAT rules in the 8.4 version.

A Manual NAT rule takes precedence over Auto NAT (within object group).

So, nat (inside,outside) source dynamic any interface; is taking precedence when going from inside to outside.

I hope this helps.

-Shrikant

PS: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎03-31-2011 11:09 AM

Hi,

The issue here is with the order of NAT rules in the 8.4 version.

A Manual NAT rule takes precedence over Auto NAT (within object group).

So, nat (inside,outside) source dynamic any interface; is taking precedence when going from inside to outside.

I hope this helps.

-Shrikant

PS: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks

0 Helpful

Go to solution
clamasters
Level 1
Level 1
In response to Shrikant Sundaresh

‎03-31-2011 11:52 AM

That makes sense, thank you. Is there a better way to acomplish this then?  I see there are some options to insert rules before and after other parts of NAT but not sure what to use just yet.

Thank you,


Curtis

0 Helpful

Go to solution
clamasters
Level 1
Level 1
In response to clamasters

‎03-31-2011 11:56 AM

Actually, I just removed that part of the config since I already had an object NAT configured for 0.0.0.0.

Thank you very much.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card