Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
0
Helpful
1
Replies

FWSM nat issue

Go to solution
jmyatt209
Level 1
Level 1

‎12-05-2007 02:44 AM - edited ‎03-11-2019 04:39 AM

Hi

I have a FSWM 3.2. Have /28 address space from ISP. outside interface is x.x.x.200 and mail server global address is x.x.x.201. Inside address of mail server is 192.168.100.12. Have a static (inside, outside) tcp x.x.x.200 smtp 192.168.100.12 smtp netmask 255.255.255.255

SMTP connections from internet to inside work fine, however outbound mail is sent with the outside interface address instead of the global address in the static. Do I need a specific nat & global statement for the outbound connections to use the same ip address as the inbound connections ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
richf
Level 1
Level 1

‎12-05-2007 06:09 PM

I am not sure I understand the question correctly but here is what I understand. You are seeing the PAT address instead of the static NAT translation. When traffic flows from the inside interface to the outside interface it will use the statically translated address. In this case you will want to have your static translation for your mail server go to x.x.x.201. It may look like this.

static (inside,outside) 192.168.100.12 x.x.x.201 netmask 255.255.255.255 tcp 1024 768

your PAT address may look like this (all outbound traffic from addresses not specifically NAT'd) would look like this

global (outside) 10 x.x.x.202 netmask 255.255.255.255

This statement would translate the internal hosts to use the global address

nat (inside) 10 192.168.100.0 255.255.255.0

Your outside address for the interface would remain at x.x.x.200

Obviously you will need to modify your ACL to allow SMTP traffic to flow to the new IP address.

I hope that this helps.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
richf
Level 1
Level 1

‎12-05-2007 06:09 PM

I am not sure I understand the question correctly but here is what I understand. You are seeing the PAT address instead of the static NAT translation. When traffic flows from the inside interface to the outside interface it will use the statically translated address. In this case you will want to have your static translation for your mail server go to x.x.x.201. It may look like this.

static (inside,outside) 192.168.100.12 x.x.x.201 netmask 255.255.255.255 tcp 1024 768

your PAT address may look like this (all outbound traffic from addresses not specifically NAT'd) would look like this

global (outside) 10 x.x.x.202 netmask 255.255.255.255

This statement would translate the internal hosts to use the global address

nat (inside) 10 192.168.100.0 255.255.255.0

Your outside address for the interface would remain at x.x.x.200

Obviously you will need to modify your ACL to allow SMTP traffic to flow to the new IP address.

I hope that this helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card