Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Port Forwarading between two internal servers on an ASA 6.3

We are trying to set up email continuity through Mimecast.  Part of the set up is active directory synchronization.  In order for that to happen, the DC will need to communicate with Mimecast. Currently the DC does not have a public IP.   We were told we can get around this by doing the following:    As long as you have a NAT policy that includes the DC, you should be able to just create an ACL where the source is the Mimecast networks, coming in to your Exchange WAN IP, and then forwarding to the DC’s internal IP on 636.   

So, if I understand this correctly, I will set up a connector at Mimecast with the public IP of the exchange server.   I will then set up a NAT rule on the ASA that forwards Exchange port 636 to DC port 636.  Then create an ACL that allows communication from Mimecast public IP's to DC port 636?

Does that look correct, or am I totally off base?     I just need assistance with the ASA part..


Most of our NAT'ing is done out on a LInkproof appliance. 



Can you share the access-list

Can you share the access-list and NAT configuration of firewall also network diagram which describe the locations of DC, Exchange and Mimecast Networks. I will certainly be able to help you if you provide these information.