New Member

Am I able to use PAT and publish a mail server with 1 public IP?

Hi,

I'm a little confused; maybe someone could help me out here.

I'm trying to get an ASA5510 ASA Version 7.1(2) on the road here.

Problem is that I want to publish an SMTP server on the inside network on the Internet, and provide all inside hosts with Internet access.

Problem is that I only have 1 static public IP address.

For getting Internet access on the inside hosts I use:

global (Outside) 1 interface

nat (Inside) 1 10.100.50.0 255.255.255.0

But as soon as I try to add a rule (and as far as my knowledge goes that needs to be):

access-list smtp extended permit tcp any host external ip address eq smtp

static (inside,outside) public ip address inside ip address netmask 255.255.255.255

access-group smtp in interface outside

I lose all Internet connectivity on my inside hosts.

What am I doing wrong, or is this not possible with an ASA and one public IP address?

Thanks for helping.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Am i able to use PAT and publish a mail server with 1 public

Well, I have the more secure alternative :)

You will keep the nat, and add a static only for the SMTP port; this way it will be secure.

The line is:

static (Inside,Outside) tcp 25 25 netmask 255.255.255.255

VOILA :)

Please rate if this helped.

Regards,

Daniel

4 REPLIES
New Member

Re: Am i able to use PAT and publish a mail server with 1 public

Ignore this question please, my mistake

an

static (Inside,Outside) external ip internal ip netmask 255.255.255.255

access-group test in interface Outside

access-list test extended permit ip any host external ip

Did the trick.

Please be aware that this solution allows all traffic through to the internal host (which is not secure).
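The two approaches from this thread side by side, as an added example that is not from either poster: the full one-to-one static with a permit-ip ACL, and the port-only static (static PAT) on the interface address. The inside mail server address 10.100.50.10 is an assumed placeholder, `<public-ip>` stands for the single public address, and the syntax is the pre-8.3 ASA form used in the thread.

```cisco
! Constructed example, pre-8.3 ASA syntax.
! 10.100.50.10 is a placeholder for the inside mail server;
! interface names and the inside subnet follow the thread.

! Outbound PAT for the inside hosts (as in the original post)
global (Outside) 1 interface
nat (Inside) 1 10.100.50.0 255.255.255.0

! --- Broad variant (shown commented out) ---
! Maps every port of the public address to the mail server and
! permits all IP traffic to it, so every service on the server is exposed.
! static (Inside,Outside) <public-ip> 10.100.50.10 netmask 255.255.255.255
! access-list test extended permit ip any host <public-ip>
! access-group test in interface Outside

! --- Narrow variant: static PAT for TCP/25 only ---
! Only port 25 on the Outside interface address is translated to the
! mail server; the interface address stays available for outbound PAT.
static (Inside,Outside) tcp interface smtp 10.100.50.10 smtp netmask 255.255.255.255

! The ACL matches the same single port, not the whole host.
access-list smtp extended permit tcp any interface Outside eq smtp
access-group smtp in interface Outside

! Checks after applying:
!   show xlate              - the port 25 translation should be listed
!   show access-list smtp   - hit counts should rise only for SMTP
```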

New Member

Re: Am i able to use PAT and publish a mail server with 1 public

Great one, will use this one in the future.

For this config I managed to get rid of a stupid 2Wire ADSL modem which was not able to route a small subnet of public IP addresses.

I installed a Cisco 837 instead, which does its work perfectly.

In this configuration I also wanted to publish HTTP & HTTP on an inside host, but also want to use WebVPN, so I needed an extra public IP anyway.

Re: Am i able to use PAT and publish a mail server with 1 public

Glad to help :)

Cheers,

Daniel
