Cisco Support Community
New Member

ASA 5510 v7.2.2 PAT and static PAT using one IP address

Dear ALL

I have configured an ASA 5510 v7.2.2 for PAT (for browsing and accessing the internet for local users), and also static PAT for the mail server (MS Exchange) to access their mail server (static PAT for SMTP, POP3, HTTP, HTTPS), using only one real IP address for both PAT and static PAT. The internal users are browsing and accessing the internet normally, but the problem is that static PAT works only for SMTP, HTTP and HTTPS and does not work for POP3. I made a static PAT for POP3 and added an ACL for POP3 on the outside interface, as I did for SMTP, HTTP and HTTPS.

kindest Regards

6 REPLIES
Silver

Re: ASA 5510 v7.2.2 PAT and static PAT using one IP address

There aren't any known issues with POP3 using the interface IP as static PAT. Could you please paste your configuration (statics and ACLs) and also explain in detail what exact problem you are facing with POP3?

Regards,

Vibhor.

New Member

Re: ASA 5510 v7.2.2 PAT and static PAT using one IP address

name 192.168.30.30 ISA-Server description ISA Server
name 192.168.30.5 MailExchange description Mail Server
name X.X.X.X RealIPaddress
dns-guard
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 pppoe client vpdn group DSL-OUT
 ip address pppoe setroute
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.30.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
access-list Outside_access_in extended permit tcp any host RealIPaddress eq https
access-list Outside_access_in extended permit tcp any host RealIPaddress eq www
access-list Outside_access_in extended permit tcp any host RealIPaddress eq pop3
access-list Outside_access_in extended permit tcp any host RealIPaddress eq smtp
global (Outside) 1 interface
nat (inside) 1 192.168.30.0 255.255.255.0
nat (management) 0 0.0.0.0 0.0.0.0
static (inside,Outside) tcp interface https MailExchange https netmask 255.255.255.255
static (inside,Outside) tcp interface www MailExchange www netmask 255.255.255.255
static (inside,Outside) tcp interface smtp MailExchange smtp netmask 255.255.255.255
static (inside,Outside) tcp interface pop3 MailExchange pop3 netmask 255.255.255.255
access-group Outside_access_in in interface Outside

The problem: I cannot connect to the mail server using POP3 only.

Silver

Re: ASA 5510 v7.2.2 PAT and static PAT using one IP address

Hello,

I'm not sure what "RealIPaddress" is; however, your ACLs should be like this:

access-list Outside_access_in extended permit tcp any interface outside eq https
access-list Outside_access_in extended permit tcp any interface outside eq www
access-list Outside_access_in extended permit tcp any interface outside eq pop3
access-list Outside_access_in extended permit tcp any interface outside eq smtp
access-group Outside_access_in in interface Outside

Still, if things don't work, please let me know if we have any syslogs when a connection attempt is made from outside.

Regards,

Vibhor.

New Member

Re: ASA 5510 v7.2.2 PAT and static PAT using one IP address

Dear vibhor

RealIPaddress is the IP address of the outside interface. I am now offsite; I cannot get the syslog.

kind regards

Silver

Re: ASA 5510 v7.2.2 PAT and static PAT using one IP address

Instead of actually using the IP address in the ACL, I'd recommend using the keyword "interface outside". Once this is done, the configuration looks fine to me, and once we have syslogs we can pinpoint whether the issue is on the client side or the server side.

From the internal network itself, are you able to connect to the POP3 server?

Regards,

Vibhor.
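Added example, not part of the thread and not Cisco tooling: a small Python check that pairs each interface static PAT line with the entries of the ACL bound inbound on the same interface, and reports whether a permit exists and whether it uses the "interface" keyword recommended above. The sample configuration is constructed (modelled on the one posted in this thread), the function name is hypothetical, and comparing interface names case-insensitively is an assumption of this example.

```python
import re

# Constructed sample: https uses a host ACE, pop3 has no ACE at all.
SAMPLE_CONFIG = """\
access-list Outside_access_in extended permit tcp any host RealIPaddress eq https
access-list Outside_access_in extended permit tcp any interface outside eq www
access-list Outside_access_in extended permit tcp any interface outside eq smtp
static (inside,Outside) tcp interface https MailExchange https netmask 255.255.255.255
static (inside,Outside) tcp interface www MailExchange www netmask 255.255.255.255
static (inside,Outside) tcp interface smtp MailExchange smtp netmask 255.255.255.255
static (inside,Outside) tcp interface pop3 MailExchange pop3 netmask 255.255.255.255
access-group Outside_access_in in interface Outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) tcp interface (\S+) (\S+) (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) extended permit tcp any "
                    r"(?:host (\S+)|interface (\S+)) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit_static_pat(config):
    """Map each static PAT mapped port to 'ok' (ACE uses the interface keyword),
    'host-ace' (ACE names an address instead) or 'no-ace' (no permit found)."""
    lines = [line.strip() for line in config.splitlines()]
    # ACL bound inbound on each interface (assumption: names are case-insensitive)
    bound = {m.group(2).lower(): m.group(1)
             for m in map(GROUP_RE.match, lines) if m}
    aces = {}  # (acl name, port) -> set of destinations seen
    for m in filter(None, map(ACE_RE.match, lines)):
        acl, host, ifname, port = m.groups()
        dest = ("interface", ifname.lower()) if ifname else ("host", host)
        aces.setdefault((acl, port), set()).add(dest)
    result = {}
    for m in filter(None, map(STATIC_RE.match, lines)):
        _real_if, mapped_if, mapped_port, _real_host, _real_port = m.groups()
        dests = aces.get((bound.get(mapped_if.lower()), mapped_port), set())
        if ("interface", mapped_if.lower()) in dests:
            result[mapped_port] = "ok"
        elif any(kind == "host" for kind, _ in dests):
            result[mapped_port] = "host-ace"
        else:
            result[mapped_port] = "no-ace"
    return result

if __name__ == "__main__":
    for port, status in audit_static_pat(SAMPLE_CONFIG).items():
        print(f"{port:6} {status}")
```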

New Member

Re: ASA 5510 v7.2.2 PAT and static PAT using one IP address

Dear Vibhor

I will try to do it as soon as I can and tell you.

Regarding POP3, it's working internally, and during troubleshooting I connected the internet connection directly to the mail server and all ports (POP3, HTTP, HTTPS, and SMTP) are working normally.
