The above configuration will translate incoming connections to the NAT_ADDRESS on port 25 to the real server. Also, incoming connections to the NAT_ADDRESS on port 443 to the real server. Everything else will be untranslated.
Is this not what you want to do, or am I missing something?
The problem is not really so much one of doing the translations for the traffic I want but rather, more correctly one of exempting all other traffic from the real_address when destined for a range or ranges of addresses.
I have anyconnect vpn clients on the outside interface being issued addresses from the same subnet as the real_address, which works great, as vpn clients then appear to the rest of the network as if they reside on the local lan, rather than on some arbitrary subnet which exists only on the VPN.
The problem is, once the NAT rules are in place to allow the external smtp and https, the real_address becomes unavailable to clients on the vpn as the response traffic from the real_address gets NAT'd. This is similar to a client on the inside attempting to access an external NAT'd address, except that the client, while they have an IP address from the inside, actually resides on the outside. Again, this works great until the NAT comes into play.
What I don't understand is the following: You say:
"The problem is, once the NAT rules are in place to allow the external smtp and https, the real_address becomes unavailable to clients on the vpn as the response traffic from the real_address gets NAT'd."