forwarding smtp to a different internal IP

cwollenberg · ‎11-17-2006

I have an ASA 5520, and I need to take all traffic from one external IP, and move it to an internal IP, except SMTP, which i need to forward to a different Internal IP. For example, I have nat set so that 64.64.64.64 external NATs to 10.10.10.10, but I need all SMTP traffic from 64.64.64.64 dirrect to 10.10.10.11. Any help would be greatly appreciated. Also, I prefer to use ASDM, because I am not very savy, so please be easy on me.

Patrick Iseli · ‎11-18-2006

Use Static Policy NAT Rules for each protocol - port that you want to open.

examples:

NAT http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/v_5_2/user/nat.htm

Users Guide:

http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/v_5_2/user/index.htm

sincerely

Patrick

cwollenberg · ‎11-19-2006

The problem I am having is, it is not allowing me forward port 25 to one internal IP, while forwarding port 80 to a different internal IP. External IP is the same in both cases.

t-heeter · ‎11-20-2006

You cannot have a static for the whole ip and then port translate on top of that. Remove the existing static then port translate other statics.

no static (inside,outside) 64.64.64.64 10.10.10.10 netmask 255.255.255.255

then add statics for ports to 10.10.10.10

static (inside,outside) tcp 64.64.64.64 80 10.10.10.10 80 netmask 255.255.255.255

static (inside,outside) tcp 64.64.64.64 443 10.10.10.10 443 netmask 255.255.255.255

etc.

then add static for smtp to 10.10.10.11

static (inside,outside) tcp x.x.x.x 25 10.10.10.11 25 netmask 255.255.255.255