New Member

ASA 8.4 - Static NAT - Problem with outbound SMTP

Below is the interesting part of my config.  I have static NAT configured and working inbound for the Exchange Server and the Barracuda, however outbound traffic from those hosts comes out as the interface IP.  Thoughts?  I've tried a number of things (outside, inside), etc...  No luck.  Any help would be appreciated.

object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network DSN-EXCH01
 host 10.250.231.51
object network MAIL-IN
 host 10.250.231.50
!
access-list outside_inside extended permit tcp any host 10.250.231.51 eq https
access-list outside_inside extended permit tcp any host 10.250.231.51 eq www
access-list outside_inside extended permit tcp any host 10.250.231.50 eq smtp
!
nat (inside,outside) source dynamic any interface
!
object network obj_any
 nat (inside,outside) dynamic interface
object network DSN-EXCH01
 nat (inside,outside) static xxx.xxx.xxx.25
object network MAIL-IN
 nat (inside,outside) static xxx.xxx.xxx.26
!
access-group outside_inside in interface outside

Accepted Solutions
Cisco Employee

Re: ASA 8.4 - Static NAT - Problem with outbound SMTP

Hi,

The issue here is with the order of NAT rules in the 8.4 version.

A Manual NAT rule takes precedence over Auto NAT (within object group).

So, nat (inside,outside) source dynamic any interface; is taking precedence when going from inside to outside.

I hope this helps.

-Shrikant

PS: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks

New Member

Re: ASA 8.4 - Static NAT - Problem with outbound SMTP

That makes sense, thank you. Is there a better way to accomplish this then? I see there are some options to insert rules before and after other parts of NAT but not sure what to use just yet.

Thank you,


Curtis

New Member

Re: ASA 8.4 - Static NAT - Problem with outbound SMTP

Actually, I just removed that part of the config since I already had an object NAT configured for 0.0.0.0.

Thank you very much.
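The rule ordering discussed in this thread, written out as an added example (not part of any post above): the two ways to stop the manual rule from shadowing the static object NATs on ASA 8.3 and later, plus the commands to confirm the result. The destination 203.0.113.10 and source port 1025 are constructed test values; object names and addresses are the ones from the original config.

```cisco
! ASA 8.3+ evaluates NAT in three sections, first match wins:
!   Section 1: manual (twice) NAT, in configured order
!   Section 2: auto (object) NAT, static rules before dynamic rules
!   Section 3: manual NAT entered with the after-auto keyword
!
! Original config: this Section 1 rule matches every inside source,
! so outbound mail from 10.250.231.50 never reaches the Section 2 static.
!   nat (inside,outside) source dynamic any interface
!
! Option A: remove the manual rule. The obj_any object NAT already
! provides the same interface PAT in Section 2, after the statics.
no nat (inside,outside) source dynamic any interface
!
! Option B (alternative to relying on obj_any): re-enter the catch-all
! as a Section 3 rule so it is evaluated after all object NAT.
nat (inside,outside) after-auto source dynamic any interface
!
! Translations built under the old rule order persist until cleared.
clear xlate local 10.250.231.50
clear xlate local 10.250.231.51
!
! Verify: the catch-all must no longer be listed under Section 1,
! and the static rules for MAIL-IN and DSN-EXCH01 should appear in
! Section 2 ahead of the obj_any dynamic rule.
show nat
!
! Trace an outbound SMTP connection from the Barracuda. The NAT phase
! should name the MAIL-IN static rule and translate the source to
! xxx.xxx.xxx.26 rather than the outside interface address.
packet-tracer input inside tcp 10.250.231.50 1025 203.0.113.10 25
!
! Same check for the Exchange server (expected source xxx.xxx.xxx.25).
packet-tracer input inside tcp 10.250.231.51 1025 203.0.113.10 25
```

Outbound mail leaving from the interface address instead of the published static address is also worth catching for deliverability reasons, since reverse DNS and SPF records are normally tied to the static address.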
