Assuming that 192.168.1.8 is the ip of your email server and 22.214.171.124 is the ip of your ASA outside interface and your server is listening on actual ports for the traffic, You can use Static Port Translation using Auto NAT.
1. Create an object network for Real and translated address
object network SERVER_PAT_OUTSIDE
object network SERVER_PRIVATE_ADD
nat(inside,outside) static SERVER_PAT_OUTSIDE service tcp 25 25
nat(inside,outside) static SERVER_PAT_OUTSIDE service tcp 80 80
nat(inside,outside) static SERVER_PAT_OUTSIDE service tcp 443 443
nat(inside,outside) static SERVER_PAT_OUTSIDE service tcp 587 587
Ports are listed in the order real (actually configured on server) and then mapped (translated)
I am not sure if you have an ACL attached to your ASAs external interface yet but the below ACL should handle that
access-list OUTSIDE-IN remark Traffic allowed to the Mail Server access-list OUTSIDE-IN permit tcp any object MAIL-SERVER eq 25 access-list OUTSIDE-IN permit tcp any object MAIL-SERVER eq 80 access-list OUTSIDE-IN permit tcp any object MAIL-SERVER eq 443 access-list OUTSIDE-IN permit tcp any object MAIL-SERVER eq 587
access-group OUTSIDE-IN in interface outside
Notice with the ACL example that if you already have an ACL in use on your external interface then use that ACLs name and create the same rules. If on the other hand you have no interface ACL in that interface then you can use the above ACL. The naming of the ACL is up to you and you might have different named interfaces.
If you can only afford to do Static PAT (Port Forward) then the other post suggestions idea is OK but notice that in that situation for each Port Forward / Static PAT you will need its own "object". You wont be able to configure all the "nat" statements under a single "object". You dont have to configure an "object" for the public IP address as you can use the public IP address directly in the "nat" statement that is configured under the "object".
If you want to read up on some info about the new NAT configuration format and see some examples you can take a look at a document I wrote in 2013. You can find it here:
The Static NAT configuration I mentioned above should do the trick for the server. It will bind the local/real IP address to the mentioned public IP address for all traffic between the internal and external network.
The ACL configuration is also fine if you dont have any ACLs configured yet for your external interface. Naturally you would use the interface names you have configured on your ASA in the NAT configurations you insert and you can choose the "object" and "access-list" names as you wish.
Naturally if the connections still dont work after doing the configurations we can always have a look at the ASA configurations to find the cause of the problem.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...