New Member

ASA 8.6 and NAT

Hey,

I have a mail server in the LAN! No mail comes in from the Internet!

What is wrong?

object network srv-ex

host 10.104.1.9

object service mail-serv

service tcp source eq smtp destination eq smtp

nat (inside,outside) source static any any destination static srv-ex srv-ex service mail-serv mail-serv

access-list outside_access_in extended permit tcp any 10.104.1.9 255.255.255.255 eq smtp

Thanks

10 REPLIES

Hello Bodo,

object service mail-serv

service tcp source eq smtp destination eq smtp

Change the object to source

object service mail-serv

service tcp source eq smtp source eq smtp

Remember to rate all the helpful posts,

Julio

New Member

Hey,

I have changed it to:

object service mail-serv

service tcp source eq smtp

Nothing works!

Super Bronze

The NAT is incorrect.

It should be:

object network srv-ex

  host 10.104.1.9

  nat (inside,outside) static service tcp 25 25

New Member

Hey,

I configured this, and then this came up:

ERROR: Address xxx.xxx.xxx.xxx overlaps with outside interface address.

ERROR: NAT Policy is not downloaded

What is that?

Red

Try this:

object network srv-ex

host 10.104.1.9

object service mail-serv

service tcp destination eq 25

nat (outside,inside) source static any any destination static interface srv-ex service mail-serv mail-serv

access-list outside_access_in extended permit tcp any host 10.104.1.9 eq smtp

I am using the outside interface as the public IP for the mail server; if you have any other free IP, you can use it.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Red

Can you also give us the output of:

show run interface

Thanks,
Varun Rao
Security Team,
Cisco TAC

New Member

Internet and site-to-site VPN work with the interface!

New Member

Hey,

It does not work; this was the config:

object service mail-serv

service tcp destination eq smtp

object network srv-ex

host 10.104.1.9

nat (outside,inside) source static any any destination static interface srv-ex service mail-serv mail-serv

access-list outside_access_in extended permit tcp any host 10.104.1.9 eq smtp

access-group outside_access_in in interface outside

show nat

Manual NAT Policies (Section 1)

1 (inside) to (outside) source dynamic any interface

    translate_hits = 1058, untranslate_hits = 212

2 (inside) to (outside) source static RFC1918 RFC1918   destination static RFC1918 RFC1918 description NAT-Excempt for VPN

    translate_hits = 0, untranslate_hits = 828

3 (outside) to (inside) source static any any   destination static interface srv-ex service mail-serv mail-serv

    translate_hits = 0, untranslate_hits = 0

A telnet from the Internet to port 25 gets nothing!

New Member

Hey all,

I have moved the NAT rule from position 3 to 1 and now it works!

Red

Great, it must be hitting your NAT exempt. All the best.

Thanks,
Varun Rao
Security Team,
Cisco TAC
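
An added example (not part of any post in this thread, and not Cisco tooling): manual NAT rules in Section 1 are evaluated in order on a first-match basis, so this Python script parses `show nat` output in the format quoted above and lists rules with zero hits alongside earlier rules on the same interface pair that are taking traffic. The function names and the shadowing heuristic are assumptions of this example; the sample is the output from the thread with blank lines removed.

```python
import re

# Constructed sample: the "show nat" output quoted in the thread, blank lines removed.
SHOW_NAT = """\
Manual NAT Policies (Section 1)
1 (inside) to (outside) source dynamic any interface
    translate_hits = 1058, untranslate_hits = 212
2 (inside) to (outside) source static RFC1918 RFC1918   destination static RFC1918 RFC1918 description NAT-Excempt for VPN
    translate_hits = 0, untranslate_hits = 828
3 (outside) to (inside) source static any any   destination static interface srv-ex service mail-serv mail-serv
    translate_hits = 0, untranslate_hits = 0
"""

SECTION = re.compile(r"\(Section (\d+)\)")
RULE = re.compile(r"^(\d+) \((\S+)\) to \((\S+)\) (.+)$")
HITS = re.compile(r"translate_hits = (\d+), untranslate_hits = (\d+)")


def parse_show_nat(text):
    """Return one dict per NAT rule, in the order the ASA evaluates them."""
    rules, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.search(line):
            section = int(m.group(1))
        elif m := RULE.match(line):
            rules.append({"section": section, "pos": int(m.group(1)),
                          "ifcs": frozenset(m.group(2, 3)), "rule": m.group(4),
                          "hits": None})
        elif (m := HITS.search(line)) and rules:
            rules[-1]["hits"] = (int(m.group(1)), int(m.group(2)))
    return rules


def never_hit(rules):
    """Map (section, position) of each zero-hit rule to the earlier rules in that
    section on the same interface pair that have hits (heuristic, not proof)."""
    report = {}
    for i, r in enumerate(rules):
        if r["hits"] == (0, 0):
            report[(r["section"], r["pos"])] = [
                e["pos"] for e in rules[:i] if e["section"] == r["section"]
                and e["ifcs"] == r["ifcs"] and any(e["hits"] or ())]
    return report


if __name__ == "__main__":
    for (sec, pos), earlier in never_hit(parse_show_nat(SHOW_NAT)).items():
        print(f"section {sec} rule {pos}: 0 hits; earlier rules with traffic: {earlier}")
```

A rule the script reports is a candidate for moving higher in its section or for removal; confirm which rule actually matched the flow on the device before changing the order.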
