12-05-2007 02:44 AM - edited 03-11-2019 04:39 AM
Hi
I have a FSWM 3.2. Have /28 address space from ISP. outside interface is x.x.x.200 and mail server global address is x.x.x.201. Inside address of mail server is 192.168.100.12. Have a static (inside, outside) tcp x.x.x.200 smtp 192.168.100.12 smtp netmask 255.255.255.255
SMTP connections from internet to inside work fine, however outbound mail is sent with the outside interface address instead of the global address in the static. Do I need a specific nat & global statement for the outbound connections to use the same ip address as the inbound connections ?
Solved! Go to Solution.
12-05-2007 06:09 PM
I am not sure I understand the question correctly but here is what I understand. You are seeing the PAT address instead of the static NAT translation. When traffic flows from the inside interface to the outside interface it will use the statically translated address. In this case you will want to have your static translation for your mail server go to x.x.x.201. It may look like this.
static (inside,outside) 192.168.100.12 x.x.x.201 netmask 255.255.255.255 tcp 1024 768
your PAT address may look like this (all outbound traffic from addresses not specifically NAT'd) would look like this
global (outside) 10 x.x.x.202 netmask 255.255.255.255
This statement would translate the internal hosts to use the global address
nat (inside) 10 192.168.100.0 255.255.255.0
Your outside address for the interface would remain at x.x.x.200
Obviously you will need to modify your ACL to allow SMTP traffic to flow to the new IP address.
I hope that this helps.
12-05-2007 06:09 PM
I am not sure I understand the question correctly but here is what I understand. You are seeing the PAT address instead of the static NAT translation. When traffic flows from the inside interface to the outside interface it will use the statically translated address. In this case you will want to have your static translation for your mail server go to x.x.x.201. It may look like this.
static (inside,outside) 192.168.100.12 x.x.x.201 netmask 255.255.255.255 tcp 1024 768
your PAT address may look like this (all outbound traffic from addresses not specifically NAT'd) would look like this
global (outside) 10 x.x.x.202 netmask 255.255.255.255
This statement would translate the internal hosts to use the global address
nat (inside) 10 192.168.100.0 255.255.255.0
Your outside address for the interface would remain at x.x.x.200
Obviously you will need to modify your ACL to allow SMTP traffic to flow to the new IP address.
I hope that this helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: