11-17-2006 02:52 PM - edited 03-11-2019 01:57 AM
I have an ASA 5520, and I need to take all traffic from one external IP, and move it to an internal IP, except SMTP, which i need to forward to a different Internal IP. For example, I have nat set so that 64.64.64.64 external NATs to 10.10.10.10, but I need all SMTP traffic from 64.64.64.64 dirrect to 10.10.10.11. Any help would be greatly appreciated. Also, I prefer to use ASDM, because I am not very savy, so please be easy on me.
11-18-2006 05:28 PM
Use Static Policy NAT Rules for each protocol - port that you want to open.
examples:
NAT http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/v_5_2/user/nat.htm
Users Guide:
http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdm/v_5_2/user/index.htm
sincerely
Patrick
11-19-2006 06:38 PM
The problem I am having is, it is not allowing me forward port 25 to one internal IP, while forwarding port 80 to a different internal IP. External IP is the same in both cases.
11-20-2006 10:59 AM
You cannot have a static for the whole ip and then port translate on top of that. Remove the existing static then port translate other statics.
no static (inside,outside) 64.64.64.64 10.10.10.10 netmask 255.255.255.255
then add statics for ports to 10.10.10.10
static (inside,outside) tcp 64.64.64.64 80 10.10.10.10 80 netmask 255.255.255.255
static (inside,outside) tcp 64.64.64.64 443 10.10.10.10 443 netmask 255.255.255.255
etc.
then add static for smtp to 10.10.10.11
static (inside,outside) tcp x.x.x.x 25 10.10.10.11 25 netmask 255.255.255.255
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: