ASA 8.4 - Static NAT - Problem with outbound SMTP-new***

telematic_2 · ‎06-11-2012

Hi everyone!

We have seen an old thread about this problem that says:

******

The issue here is with the order of NAT rules in the 8.4 version.

A Manual NAT rule takes precedence over Auto NAT (within object group).

So, nat (inside,outside) source dynamic any interface; is taking precedence when going from inside to outside.

*******

Our situation is the same ASA 8.4(2), we can't send email with the wan mail server address.

How can we solve this problem??

See the attached txt file for our NAT configuration for the internal mail server (lan ip 10.240.2.32, wan 88.x.x.x).

mikull.kiznozki · ‎06-11-2012

add rules to your inside access out as well..

abinjola · ‎06-11-2012

In Section 2 table (NAT order of operation), static takes precedence over dynamic NAT,

Add a static for your email server

The following example configures static NAT for the real host 10.1.1.1 on the inside to 2.2.2.2 on the outside using a mapped object.

hostname(config)# object network my-mapped-obj

hostname(config-network-object)# host 10.2.2.2

hostname(config-network-object)# object network my-host-obj1

hostname(config-network-object)# host 10.1.1.1

hostname(config-network-object)# nat (inside,outside) static my-mapped-obj

gouravbathla · ‎06-12-2012

Hi

You may check with this single NAT statement (instead of port-forwarding) since ports can be managed by applied ACL.

object network hst-10.240.2.32

host 10.240.2.32

description mailserver Host Object

nat (inside,outside) static 88.x.x.x

Note:-But remove earlier configured NAT statements before using this.

telematic_2 · ‎11-20-2012

thanks to everyone!