New Member

NAT problem with 5505

I have a 5505 running 8.3 and am using ASDM 6.3 to configure it. I have a dynamic PAT set up for the network I'm on and am trying to set up static bidirectional NAT for SMTP to a particular host. (I do have two external connections in this configuration.) Here are my current NAT commands:

!
object network Host-Dino
 nat (inside,cox) static Ext-mail service tcp smtp smtp
!
nat (any,any) after-auto source static any any destination static Ext-Web Host-Henry service http http description Address xlate for web server
nat (any,any) after-auto source static any any destination static Ext-WebAcccess Host-Bambam service https https description Address Xlate from external WebAccess address to Bambam
nat (inside,cox) after-auto source dynamic any interface description Outbound for normal networks
nat (inside,disc) after-auto source dynamic any interface description Outbound to DISC hosts
nat (DMZ,cox) after-auto source dynamic any interface description Outbound from DMZ to Cox
nat (DMZ,disc) after-auto source dynamic any interface description Outbound from DMZ to DISC

Dino sits on the inside interface of the ASA. However, when I send out mail, it goes out the interface IP and not the Ext-mail IP. Confusingly, if I take out the nat (inside,cox) command, it will pick up on the object NAT and work correctly. Also, the inbound SMTP connection works if the external host connects to the Ext-mail IP address. I thought from the docs that object NAT should take priority. What do I need to do to make this function correctly with the SMTP traffic going out a different IP address?

I tried to debug this with the packet trace function. When I use Dino's IP address, source port of 25 and destination port of 25, it translates the packet correctly.

--

Jon

Cisco Employee

Re: NAT problem with 5505

When Dino sends e-mail it will not source from port 25. It will be a high port. That is why it looks like the interface when going out. I have discussed it here: http://www.youtube.com/watch?v=kRY8DuaRp5U

You need the following:

!
object network Host-Dino_outbound
 host x.x.x.x
 nat (inside,out) dynamic Ext-mail

-KS
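
Added example, not part of the original thread and not Cisco code: a simplified Python model of how the ASA picks a source NAT rule (object NAT in section 2 with static rules before dynamic, then after-auto rules in section 3). It shows why a client connection from a high source port misses the static `smtp smtp` rule, and why the extra dynamic object NAT rule catches it. All addresses and rule labels are constructed for illustration.

```python
# Simplified model of ASA 8.3+ source NAT selection for one outbound TCP packet.
# All addresses are constructed; this is not ASA code.
from dataclasses import dataclass
from typing import Optional

DINO = "192.168.1.10"        # constructed real address of Host-Dino
EXT_MAIL = "203.0.113.25"    # constructed address of Ext-mail
COX_IF = "203.0.113.2"       # constructed address of the cox interface

@dataclass
class Rule:
    name: str
    section: int               # 2 = object (auto) NAT, 3 = after-auto manual NAT
    static: bool               # within section 2, static rules sort before dynamic
    real_ip: Optional[str]     # None means "any"
    real_port: Optional[int]   # static PAT matches only this real (source) port
    mapped_ip: str

def ordered(rules):
    # Section order first; inside a section, static before dynamic.
    # (Further tie-breakers the ASA applies are not modelled here.)
    return sorted(rules, key=lambda r: (r.section, not r.static))

def translate(rules, src_ip, src_port):
    """Return (rule name, mapped source IP) for the first matching rule."""
    for r in ordered(rules):
        if r.real_ip not in (None, src_ip):
            continue
        if r.real_port is not None and r.real_port != src_port:
            continue
        return r.name, r.mapped_ip
    return None, src_ip

ORIGINAL = [
    Rule("Host-Dino static smtp", 2, True, DINO, 25, EXT_MAIL),
    Rule("after-auto dynamic interface", 3, False, None, None, COX_IF),
]
WITH_FIX = ORIGINAL + [
    Rule("Host-Dino_outbound dynamic", 2, False, DINO, None, EXT_MAIL),
]

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("with fix", WITH_FIX)):
        for port in (25, 49152):   # packet-tracer test port vs. a real client port
            print(label, port, translate(rules, DINO, port))
```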
