If you only had flows outbound (initiated from your eMailHost), the simple route change would take care of the SMTP flows.
Assuming you also have inbound flows (initiated from a client or another server sending mail to your domain), then there must be an access list allowing SMTP inbound to the public (NATted) address. If there's not one already referencing the 70.x address, you will need one.
You must also have a DNS record that points to the 65.x address. That must be updated to point to the 70.x address. Actually the DNS is usually the longest bit to get updated because until the DNS TTL expires (typically most DNS providers only allow you to set that to no less than one hour), external hosts will continue to try to use the old address.
Thanks for replying. I have the ACL set up to send and receive SMTP and have tested it successfully.
We are preparing to change the DNS but here is the issue I tried to describe above.
With the default route out the existing ISP, we are good sending/receiving SMTP on IP 22.214.171.124.
When I change the default route to the New ISP, I can receive SMTP on the new IP address 126.96.36.199 but no longer receive SMTP on the existing IP 188.8.131.52.
I believe this is because the packet comes in one interface/IP and goes back the other interface/IP and gets rejected as a response.
Q#) Is there a way to tell the ASA to send the packet back out the interface it came in? A dynamic default route for packets coming in the other interface. OR is there a different way I should be doing this?
You can have one or the other but not both routes. The ASA is, at best, a poor router. It will not do policy-based routing like an IOS-based router and asymmetric paths will typically cause issues with stateful firewalls.
You can hack around the latter issue to allow a given flow to come through, but the former is pretty hard and fast. Thus the cutover needs to be done all at once. Mail should queue both in-house and externally and start flowing inbound once DNS sorts out which IP address to use. Outbound should work pretty much straight away.