Cisco Support Community

ASA and mail server

Hi,

I have an ASA 5520 as the gateway firewall with the public address of xxx.xxx.xxx.060.

I do a static NAT to a GroupWise mail server with the public address of xxx.xxx.xxx.050.

Using the following statement: static (DIA_INSIDE,DIA_OUTSIDE) Groupwise_Pub Groupwise netmask 255.255.255.255. Everything works just fine with this configuration.

I recently purchased a spam firewall for inbound mail filtering. It has the private address of Spamfilter. I use the following port forwarding statement to pass inbound mail through the spam filter.

static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub smtp Spamfilter smtp netmask 255.255.255.255

And the following to allow web access to the real mail server.

static (DIA_INSIDE,DIA_OUTSIDE) tcp Groupwise_Pub https Groupwise https netmask 255.255.255.255

All inbound still works just fine. However, the outbound mail now has the source address of xxx.xxx.xxx.060 rather than xxx.xxx.xxx.050, which it should be. There is no PTR record for xxx.xxx.xxx.060, so most mail providers reject my mail.

The question is: What are the ramifications of changing the physical address of the DIA_OUTSIDE interface from xxx.xxx.xxx.060 to xxx.xxx.xxx.050 and then port forwarding as needed? This would place the address xxx.xxx.xxx.050 in the mail headers as the source address and resolve the PTR record problem.

Regards,

Glenn Anderson

glennanderson@wcps.org
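
The behaviour described in the post above, as an added example that is not part of the original post or Cisco code: a simplified Python model of how a one-to-one static differs from port-specific statics when the mail server opens an outbound connection. The IP addresses are constructed (the post masks the real ones), and the fallback to dynamic PAT on the outside interface address is an assumption consistent with the xxx.xxx.xxx.060 source the poster observed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed addresses standing in for the masked ones in the post.
GROUPWISE, SPAMFILTER = "10.0.0.10", "10.0.0.20"            # inside hosts
GROUPWISE_PUB, OUTSIDE_IF = "203.0.113.50", "203.0.113.60"  # .050 and .060

@dataclass(frozen=True)
class Static:
    mapped_ip: str
    real_ip: str
    proto: Optional[str] = None        # None = one-to-one static (all ports)
    mapped_port: Optional[int] = None
    real_port: Optional[int] = None

def outbound_source(rules: List[Static], src_ip: str, src_port: int,
                    proto: str = "tcp", pat_ip: str = OUTSIDE_IF) -> str:
    """Source address an inside host's connection leaves the firewall with."""
    for r in rules:
        if r.real_ip != src_ip:
            continue
        if r.proto is None:
            return r.mapped_ip         # one-to-one static covers every port
        if r.proto == proto and r.real_port == src_port:
            return r.mapped_ip         # port static covers only its own port
    return pat_ip                      # assumption: dynamic PAT to the interface

def inbound_destination(rules: List[Static], dst_ip: str, dst_port: int,
                        proto: str = "tcp") -> Optional[str]:
    """Inside host an inbound connection is forwarded to, or None."""
    for r in rules:
        if r.mapped_ip != dst_ip:
            continue
        if r.proto is None or (r.proto == proto and r.mapped_port == dst_port):
            return r.real_ip
    return None

# Original configuration: one static for the whole host.
BEFORE = [Static(GROUPWISE_PUB, GROUPWISE)]
# After adding the spam filter: two port-specific statics.
AFTER = [Static(GROUPWISE_PUB, SPAMFILTER, "tcp", 25, 25),
         Static(GROUPWISE_PUB, GROUPWISE, "tcp", 443, 443)]

if __name__ == "__main__":
    # Outbound SMTP uses an ephemeral source port, so no port static matches.
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, outbound_source(rules, GROUPWISE, 40000))
```

In this model, outbound mail from the GroupWise host keeps the Groupwise_Pub address only while some translation rule covers all of the host's ports, which is the property the PTR record depends on.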

1 REPLY

Re: ASA and mail server

This sample configuration demonstrates how to set up the PIX Firewall for access to a mail server located on the Demilitarized Zone (DMZ) network.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml
