Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA and mail server


I have an ASA 5520 as the gateway firewall with the public address of

I do a static NAT to a GroupWise mail server with the public address of

Using the following statement: static (DIA_INSIDE,DIA_OUTSIDE) Groupwise_Pub Groupwise netmask Everything works just fine with this configuration.

I recently purchased a spam firewall for inbound mail filtering. It has the private address of Spamfilter. I use the following port forwarding statement to pass inbound mail through the spam filter.

static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub smtp Spamfilter smtp netmask

And this following to allow web access to the real mail server.

static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub https Groupwise https netmask

All inbound still works just fine. However, the outbound mail now has the source address of rather that which it should be. There is no PTR record for so most mail providers rejects my mail.

The question is: What are the ramifications of changing the physical address of the DIA_OUTSIDE interface from to and then port forward as needed as this would place the address in the mail headers as the source address and resolve the PTR record problem.


Glenn Anderson


Re: ASA and mail server

This sample configuration demonstrates how to set up the PIX Firewall for access to a mail server located on the Demilitarized Zone (DMZ) network.

CreatePlease to create content