A client of mine has been assigned six usable IP addresses. The outside interface on the ASA 5505 has an address of 22.214.171.124 (third octet changed for security reasons on all outside IP addresses). That address is used as a dynamic NAT for outgoing traffic from the internal 192.168.2.0/24 network. There is a static NAT for the email server - 126.96.36.199. Incoming email uses that IP address successfully, but outgoing email does not translate to that address. Below is the pertinent part of the ASA 5505 configuration. I ran a packet trace and found that there are two translations taking place. First the correct translation for outgoing email traffic from the Microsoft Exchange server takes place - 192.168.2.10 eq 25 to 188.8.131.52 eq 25. Then the packet traverses the first static NAT in the list - example 192.168.2.10 eq 4125 184.108.40.206 eq 4125 for a second translation. The second translation IP address is what the receiving email server sees. The problem we are having is receiving servers cannot do a successful reverse lookup of mail. Mycompany.com, so they reject the mail.
If anyone has any ideas, I sure would be grateful.
ASA Version 7.2(2)
name 220.127.116.11 RDP description Remote Desktop Connection
name 18.104.22.168 Mail description NAT to internal email
ip address 192.168.2.1 255.255.255.0
ip address 22.214.171.124 255.255.255.248
access-list outside_in extended permit tcp any host Mail eq smtp
Glad to hear. You need to clear the translation in the table for it to take the newly changed one. Otherwise you would have to wait for the xlate to timeout (3 hours default) after a 1 hour conn timeout for it to start taking the new translation.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...