Cannot static nat to MX recorded IP on ASA.

Unanswered Question
Mar 16th, 2006

Hi,

Maybe there is a rule that I'm not aware of, so here I am. I was previously using my mail server behind my ISA server, which in turn had a direct (real) IP. This same IP has an MX record pointing to my mail server, and once mails hit my ISA, the ISA redirects ports 110, 25 & 80 for the Web access to the mail server.

Now I am introducing an ASA5520 and I tried to put another REAL IP in the range for my external interface while creating a static NAT for my REAL (MXed) IP, but that just doesn't seem to be working.

Basically, unless my MXed IP is on a physical interface (like NIC of server or outside of ASA), I cannot ping it. If I position this MXed IP on the outside interface and then try a static NAT for any of the other IPs in the range, it works just fine... weird, ain't it?

Suggestions?

Overall Rating: 2 (1 ratings)
jackko Thu, 03/16/2006 - 15:55

the way to achieve this objective is to configure static, and inbound acl.


depending on the number of public ip available, the configuration would be different.


1. a single public ip

static (inside,outside) tcp interface 25 <mail_server_inside_ip> 25 netmask 255.255.255.255
static (inside,outside) tcp interface 110 <mail_server_inside_ip> 110 netmask 255.255.255.255
clear xlate local <mail_server_inside_ip>

access-list 111 permit tcp any interface outside eq 25
access-list 111 permit tcp any interface outside eq 110
access-group 111 in interface outside


2. with multiple public ips:

static (inside,outside) <public_ip> <mail_server_inside_ip> netmask 255.255.255.255
clear xlate

access-list 111 permit tcp any host <public_ip> eq 25
access-list 111 permit tcp any host <public_ip> eq 110
access-group 111 in interface outside
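
Added example, not part of the thread and not Cisco tooling: a Python check that a configuration of the kind described in the reply above pairs every static with a permit in an ACL applied inbound on the outside interface, and that no permit points at an address with no static behind it. It parses only the line shapes shown in the reply; the addresses, the port-80 forward and the finding names are constructed for illustration.

```python
import re

NAMES = {"smtp": "25", "pop3": "110", "www": "80"}  # ASA prints these ports by name
PAT = re.compile(r"static \(\w+,(\w+)\) tcp (\S+) (\S+) \S+ \S+ netmask")
NAT = re.compile(r"static \(\w+,(\w+)\) (\d\S*) \d\S* netmask")
ACE = re.compile(r"access-list (\S+) (?:extended )?permit tcp any "
                 r"(?:interface \w+|host (\S+)) eq (\S+)")
GRP = re.compile(r"access-group (\S+) in interface (\w+)")

def audit(config, outside="outside"):
    """Return sorted (finding, destination, port) tuples for mismatches."""
    forwards, hosts, permits, bound = set(), set(), [], set()
    for line in map(str.strip, config.splitlines()):
        if (m := PAT.match(line)) and m[1] == outside:
            forwards.add((m[2], NAMES.get(m[3], m[3])))
        elif (m := NAT.match(line)) and m[1] == outside:
            hosts.add(m[2])
        elif m := ACE.match(line):
            permits.append((m[1], m[2] or "interface", NAMES.get(m[3], m[3])))
        elif (m := GRP.match(line)) and m[2] == outside:
            bound.add(m[1])
    live = {(d, p) for acl, d, p in permits if acl in bound}
    findings = set()
    for dest, port in forwards:      # translated, but the ACL drops it
        if (dest, port) not in live:
            findings.add(("no-permit", dest, port))
    for host in hosts:               # one-to-one static with no permit at all
        if not any(d == host for d, _ in live):
            findings.add(("no-permit", host, "any"))
    for acl, dest, port in permits:  # permitted, but nothing is translated there
        if acl not in bound:
            findings.add(("acl-not-applied", dest, port))
        elif (dest, port) not in forwards and dest not in hosts:
            findings.add(("no-static", dest, port))
    return sorted(findings)

# Constructed sample: RFC 1918 / RFC 5737 addresses, same syntax as the reply.
SAMPLE = """
static (inside,outside) tcp interface 25 10.0.0.5 25 netmask 255.255.255.255
static (inside,outside) tcp interface 110 10.0.0.5 110 netmask 255.255.255.255
static (inside,outside) tcp interface 80 10.0.0.5 80 netmask 255.255.255.255
access-list 111 permit tcp any interface outside eq smtp
access-list 111 permit tcp any interface outside eq 110
access-list 111 permit tcp any host 203.0.113.9 eq 25
access-group 111 in interface outside
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample it reports the port-80 forward as translated but not permitted, and the permit to 203.0.113.9 as having no static behind it.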



jackko Sat, 03/18/2006 - 07:13

the rating indicated that the information provided is not valuable.


please feel free to discuss further.
