Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
361
Views
0
Helpful
1
Replies

Single outside public - can I PAT out and NAT my SMTP server back in

Go to solution
geraghtyconor
Level 1
Level 1

‎07-31-2012 03:54 AM - edited ‎03-11-2019 04:36 PM

Hello folks,

I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.

I would like...

1: Users on my private network to be able to access the internet (PAT them to external outside address)

2: Email to be delivered to my MX (my single public IP address translated back to my internal email server.

i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email) ?

Email (MX) = 1.2.3.4

Public (outside) address = 1.2.3.4

Email server internal = 10.1.2.3

Internal private subnet for users = 10.0.0.0/8

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ramraj Sivagnanam Sivajanam
Level 4
Level 4

‎07-31-2012 05:11 AM

Hi Bro

Yes, your requirements can be fulfilled with Cisco ASA.

static (inside,outside) tcp interface 110 tcp 10.1.2.3 110 netmask 255.255.255.255

static (inside,outside) tcp interface 25 tcp 10.1.2.3 25 netmask 255.255.255.255

static (inside,outside) tcp interface 25 tcp 10.1.2.3 143 netmask 255.255.255.255

global (outside) 1 interface

nat (inside) 1 10.0.0.0 255.0.0.0

access-list inside permit ip any any

access-list outside permit ip any any

access-group inside in interface inside

access-group outside in interface outside

For more Microsoft application's port numbers, please refer to this URL http://support.microsoft.com/kb/832017

P/S: If you think this comment is useful, please do rate them nicely :-) and select the option “This Question is Answered”

Warm regards,
Ramraj Sivagnanam Sivajanam

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Ramraj Sivagnanam Sivajanam
Level 4
Level 4

‎07-31-2012 05:11 AM

Hi Bro

Yes, your requirements can be fulfilled with Cisco ASA.

static (inside,outside) tcp interface 110 tcp 10.1.2.3 110 netmask 255.255.255.255

static (inside,outside) tcp interface 25 tcp 10.1.2.3 25 netmask 255.255.255.255

static (inside,outside) tcp interface 25 tcp 10.1.2.3 143 netmask 255.255.255.255

global (outside) 1 interface

nat (inside) 1 10.0.0.0 255.0.0.0

access-list inside permit ip any any

access-list outside permit ip any any

access-group inside in interface inside

access-group outside in interface outside

For more Microsoft application's port numbers, please refer to this URL http://support.microsoft.com/kb/832017

P/S: If you think this comment is useful, please do rate them nicely :-) and select the option “This Question is Answered”

Warm regards,
Ramraj Sivagnanam Sivajanam
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card