FWSM nat issue

Hi

I have an FWSM 3.2. I have a /28 address space from the ISP. The outside interface is x.x.x.200 and the mail server global address is x.x.x.201. The inside address of the mail server is 192.168.100.12. I have a static (inside, outside) tcp x.x.x.200 smtp 192.168.100.12 smtp netmask 255.255.255.255

SMTP connections from the internet to the inside work fine; however, outbound mail is sent with the outside interface address instead of the global address in the static. Do I need a specific nat & global statement for the outbound connections to use the same IP address as the inbound connections?

Accepted Solutions

Re: FWSM nat issue

I am not sure I understand the question correctly but here is what I understand. You are seeing the PAT address instead of the static NAT translation. When traffic flows from the inside interface to the outside interface it will use the statically translated address. In this case you will want to have your static translation for your mail server go to x.x.x.201. It may look like this.

static (inside,outside) x.x.x.201 192.168.100.12 netmask 255.255.255.255 tcp 1024 768

Your PAT address (for all outbound traffic from addresses not specifically NAT'd) may look like this:

global (outside) 10 x.x.x.202 netmask 255.255.255.255

This statement would translate the internal hosts to use the global address:

nat (inside) 10 192.168.100.0 255.255.255.0

Your outside address for the interface would remain at x.x.x.200.

Obviously you will need to modify your ACL to allow SMTP traffic to flow to the new IP address.

I hope that this helps.
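
A simplified model of why the port-specific static in the question leaves outbound mail on the PAT address while the one-to-one static in this answer does not, as an added example that is not part of the original thread and not Cisco code. The 203.0.113.x addresses are constructed stand-ins for x.x.x.200-202, and the `global (outside) 1 interface` pair in the question's configuration is an assumption inferred from the symptom described.

```python
"""Simplified model of outbound source-address selection on a PIX/FWSM-style
firewall: static rules are evaluated before dynamic nat/global pairs."""
from ipaddress import ip_address, ip_network

OUTSIDE_IF = "203.0.113.200"   # constructed stand-in for x.x.x.200
MAIL = "192.168.100.12"        # inside address of the mail server (from the thread)


def outbound_source(cfg, real_ip, src_port, proto="tcp"):
    """Return (mapped_ip, rule_type) for a new inside-to-outside connection."""
    for rule in cfg["static"]:
        if rule["real_ip"] != real_ip:
            continue
        if "real_port" not in rule:
            # One-to-one static NAT applies to every port, in both directions.
            return rule["mapped_ip"], "static NAT"
        # Static PAT only matches traffic sourced from the real port itself,
        # so client connections from ephemeral ports fall through.
        if (rule["proto"], rule["real_port"]) == (proto, src_port):
            return rule["mapped_ip"], "static PAT"
    for nat_id, network in cfg["nat"]:
        if ip_address(real_ip) in ip_network(network):
            pool = cfg["global"].get(nat_id)
            if pool is not None:
                return (OUTSIDE_IF if pool == "interface" else pool), "dynamic PAT"
    return None, "no translation"


# Question: static (inside,outside) tcp x.x.x.200 smtp 192.168.100.12 smtp,
# plus an ASSUMED nat (inside) 1 / global (outside) 1 interface pair.
QUESTION_CFG = {
    "static": [{"proto": "tcp", "mapped_ip": OUTSIDE_IF,
                "real_ip": MAIL, "real_port": 25}],
    "nat": [(1, "192.168.100.0/24")],
    "global": {1: "interface"},
}
# Answer: one-to-one static to x.x.x.201, nat/global 10 to x.x.x.202.
ANSWER_CFG = {
    "static": [{"mapped_ip": "203.0.113.201", "real_ip": MAIL}],
    "nat": [(10, "192.168.100.0/24")],
    "global": {10: "203.0.113.202"},
}

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("answer", ANSWER_CFG)):
        print(name, "mail server :", outbound_source(cfg, MAIL, 40000))
        print(name, "other host  :", outbound_source(cfg, "192.168.100.50", 40000))
```

On a live device, `show xlate` lists the translations actually in use, which is the check to run after changing the static.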
