Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Outbound NAT on ASA

Hello Community.

My inbound smtp NAT works well, but our mail server should have the same IP address on the outside interface as definded in the inbound nat.

But the smtp server allways got the IP address of the outside interface of our ASA.

How do i do outbound nat, my smtp server should have the IP address 217.168.46.155 and not the IP address 217.168.46.154.

Relevant config:

interface Vlan10

nameif inside

security-level 100

ip address 192.168.1.200 255.255.255.0

interface Vlan99

nameif outside

security-level 0

ip address 217.168.46.154 255.255.255.248

object network Z1_SMTP

host 192.168.1.9

description NAT Z1 SMTP

object-group service Z1SecureMailPorts

description Z1 Secure Mail Ports

service-object tcp destination eq smtp

access-list outside_access_in extended permit object-group Z1SecureMailPorts any host 192.168.1.9 log

object network Z1_SMTP

nat (inside,outside) static 217.168.46.155 service tcp smtp smtp

nat (inside,outside) after-auto source dynamic 192.168.1.0_24 interface

nat (guest,outside) after-auto source dynamic 172.16.20.0_24 interface

Kind regards

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: Outbound NAT on ASA

Hi,

Try adding this configuration

object network MAIL-SERVER-SOURCE

host 192.168.1.9

object network MAIL-SERVER-PAT

host 217.168.46.155

nat (inside,outside) after-auto 1 source dynamic MAIL-SERVER-SOURCE MAIL-SERVER-PAT

The above configurations should make it so that the mail server would use the public IP address of 217.168.46.155 as the Dynamic PAT address when it initiates outbound connections through the ASA

The key thing to notice in the "nat" command is that we enter the number that states that it should be at the top of the Section 3 NAT configurations (the configurations using "after-auto" parameter)

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

2 REPLIES
Super Bronze

Re: Outbound NAT on ASA

Hi,

Try adding this configuration

object network MAIL-SERVER-SOURCE

host 192.168.1.9

object network MAIL-SERVER-PAT

host 217.168.46.155

nat (inside,outside) after-auto 1 source dynamic MAIL-SERVER-SOURCE MAIL-SERVER-PAT

The above configurations should make it so that the mail server would use the public IP address of 217.168.46.155 as the Dynamic PAT address when it initiates outbound connections through the ASA

The key thing to notice in the "nat" command is that we enter the number that states that it should be at the top of the Section 3 NAT configurations (the configurations using "after-auto" parameter)

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

New Member

Re: Outbound NAT on ASA

Thanks Jouni, you're allways right. Godfather of NAT :-)

Sent from Cisco Technical Support iPhone App

223
Views
0
Helpful
2
Replies
CreatePlease login to create content