I am having issues getting this to work. For email, I have mail.xxx.xxx DNS'd to 165.165.165.165. I want it to come in to 10.1.0.31. It needs to go out a cluster of 10.1.0.31, 10.1.0.34, or 10.101.201.31 but look like it came from the 165.165.165.165 address. I have set up static NAT for the inbound. I have set up the global PAT with an ACL group of the 10.xxx addresses. I have set this same method up on an ASA with no issues but it doesn't want to work on the PIX 6.3. What am I missing?
no fixup protocol smtp 25
object-group service NewExchange tcp
 port-object eq https
 port-object eq smtp
 port-object eq 587
access-list inbound remark Exchange
access-list inbound permit tcp any host 165.165.165.165 object-group NewExchange
access-list mail permit ip host 10.1.0.31 any
access-list mail permit ip host 10.1.0.34 any
access-list mail permit ip host 10.101.201.31 any
global (outside) 1 interface
global (outside) 2 165.165.165.165
nat (inside) 2 access-list mail 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 165.165.165.165 10.1.0.31 netmask 255.255.255.255 0 0
access-group inbound in interface outside
If I am on 10.0.0.34 with this set up ... I lose internet connectivity.
If I remove the "nat (inside) 2 access-list mail 0 0" line ... I restore connectivity, but it becomes the IP address of the interface in global 1.
Any thoughts?