The Exchange servers are configured for NLB. The Exchange admin explained the mail flow from the servers to me: he told me that when the servers send mail outside they send from the physical IPs 10.10.3.12 and 10.10.3.14, and when the servers receive mail they receive it on the NLB IP 10.10.3.9. For that reason PBR is configured on the router for IP address 10.10.3.9, which should match in the access-list and be directed to the next-hop ISP router, and static NAT is configured on the Internet router for IP 10.10.3.9 for receiving email from outside.
The problem is that mail is neither going out nor being received. When I do a traceroute the packets drop at the ASA, and I am not able to ping/telnet the Internet router's internal IP address. When I remove the static identity NAT command from the ASA, I am able to ping, telnet and SSH from the server to each and every interface of the Internet router, and the traceroute reaches as far as the ISP router.
nat (inside) 1 10.10.3.12 255.255.255.255
nat (inside) 1 10.10.3.14 255.255.255.255
global (outside) 1 10.10.3.9
For receiving mail I configured the static identity NAT: