Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 8.4 - Static NAT - Problem with outbound SMTP-new***

Hi everyone!

We have seen an old thread about this problem that says:

******

The issue here is with the order of NAT rules in the 8.4 version.

A Manual NAT rule takes precedence over Auto NAT (within object group).

So, nat (inside,outside) source dynamic any interface; is taking precedence when going from inside to outside.

*******

Our situation is the same ASA 8.4(2), we can't send email with the wan mail server address.

How can we solve this problem??

See the attached txt file for our NAT configuration for the internal mail server (lan ip 10.240.2.32, wan 88.x.x.x).

4 REPLIES
New Member

ASA 8.4 - Static NAT - Problem with outbound SMTP-new***

add rules to your inside access out as well..

Cisco Employee

ASA 8.4 - Static NAT - Problem with outbound SMTP-new***

In Section 2 table (NAT order of operation), static takes precedence over dynamic NAT,

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1118157

Add a static for your email server

The following example configures static NAT for the real host 10.1.1.1  on the inside to 2.2.2.2 on the outside using a mapped object.

hostname(config)# object network my-mapped-obj

hostname(config-network-object)# host 10.2.2.2

hostname(config-network-object)# object network my-host-obj1

hostname(config-network-object)# host 10.1.1.1

hostname(config-network-object)# nat (inside,outside) static my-mapped-obj

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_objects.html#wp1106703

New Member

ASA 8.4 - Static NAT - Problem with outbound SMTP-new***

Hi

You may check with this single NAT statement (instead of port-forwarding) since ports can be managed by applied ACL.

object network hst-10.240.2.32

host 10.240.2.32

description mailserver Host Object

nat (inside,outside) static 88.x.x.x

Note:-But remove earlier configured NAT statements before using this.

New Member

ASA 8.4 - Static NAT - Problem with outbound SMTP-new***

thanks to everyone!

1077
Views
0
Helpful
4
Replies