This works great. .67 is an SMTP server that only SENDS email out.
What I want to do is to have a load balancer on the inside that sends traffic to multiple SMTP servers, 2-3. I want 66.xx.xx.153 from outside to inside to go to port 25 on our load balancer, and I also want all our internal SMTP servers to leave our firewall NATted behind 66.xx.xx.153. So something like
* You have 3 internal servers that you want to SEND email from directly to external servers and have them reverse DNS to your external IP 63.xx.xx.153?
Allow your 3 servers to connect to anything on port 25 through your global NAT policy, something like this:
access-list acl_out extended permit tcp object-group EMAIL_SERVER_GROUP any eq smtp
I assume you already have an internal to external internet connection (global NAT policy), so this will mean external receiving email servers will see your internal servers connecting to them from 63.xx.xx.153.
What wouldn't be possible is having your 3 mail servers sending AND receiving on your single external IP address, but the above scenario is fine because you are only receiving email to one server (your load balancer). The 3 sending servers only need to be allowed to send out the firewall.
You're better off posting your current config and then Jennifer or one of the other experts will be able to tell you the exact commands you'd need to achieve this.
NOTE: You should really also consider having your load balancer sitting in a DMZ, as that is essentially open to the world, so in a production environment that should be sitting in a completely separate network. If you have extra physical ports on your firewall, then plug your load balancer into that.
PS - It's always better to port map a single port/ports when you need them - don't do a static 1-to-1 NAT for your servers or hosts, as they are effectively completely open to the internet and it is almost pointless having a firewall in place if you do that.
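The PS above can be checked against an existing config. The following is an added example, not part of the original reply: a small Python audit that separates port-mapped static translations from 1-to-1 static NAT in ASA config text. It assumes the pre-8.3 `static (inside,outside) ...` form and the 8.3+ object NAT form only; the sample config and its addresses are constructed, and the function names are hypothetical.

```python
# Constructed sample. It mixes pre-8.3 and 8.3+ syntax only to exercise both
# parsers; a real ASA config uses one or the other. Addresses are placeholders.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 203.0.113.153 smtp 192.168.10.20 smtp netmask 255.255.255.255
static (inside,outside) 203.0.113.154 192.168.10.30 netmask 255.255.255.255
object network LB_SMTP
 host 192.168.10.20
 nat (inside,outside) static 203.0.113.153 service tcp smtp smtp
object network WEB01
 host 192.168.10.40
 nat (inside,outside) static 203.0.113.155
"""

def audit_static_nat(config):
    """Return (line_no, kind, detail) per static translation; kind is 'port-map' or 'one-to-one'."""
    findings = []
    obj = None  # name of the enclosing "object network" block, if any
    for no, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()
        if not tok:
            continue
        if not raw[0].isspace():  # a top-level line opens or closes an object block
            obj = tok[2] if tok[:2] == ["object", "network"] and len(tok) > 2 else None
        if tok[0] == "static" and len(tok) >= 4:
            # pre-8.3: static (real_if,mapped_if) [tcp|udp] mapped [port] real [port]
            if tok[2] in ("tcp", "udp"):
                if len(tok) >= 7:
                    findings.append((no, "port-map", f"{tok[3]}:{tok[4]} -> {tok[5]}:{tok[6]}"))
            else:
                findings.append((no, "one-to-one", f"{tok[2]} -> {tok[3]}"))
        elif obj and tok[0] == "nat" and len(tok) >= 4 and tok[2] == "static":
            # 8.3+: nat (real_if,mapped_if) static mapped [service proto real_port mapped_port]
            if "service" in tok[4:]:
                i = tok.index("service")
                if len(tok) >= i + 4:
                    findings.append((no, "port-map", f"{tok[3]}:{tok[i + 3]} -> {obj}:{tok[i + 2]}"))
            else:
                findings.append((no, "one-to-one", f"{tok[3]} -> {obj}"))
    return findings

def one_to_one_only(config):
    """Translations that expose every port of the inside host to the mapped address."""
    return [f for f in audit_static_nat(config) if f[1] == "one-to-one"]

if __name__ == "__main__":
    for line_no, kind, detail in audit_static_nat(SAMPLE_CONFIG):
        print(f"line {line_no}: {kind:10s} {detail}")
```

Each `one-to-one` finding is a host whose exposure depends entirely on the interface ACL, so those are the entries to review first.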