Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Static IP

Dear All;

I have configured My Exchange server behind the firewall.

static (inside,outside) 202.X.X.43 172.16.0.55 netmask 255.255.255.255 0 0

on the other hand

global (outside) 2 202.X.X.43

nat (inside) 2 172.16.0.55 255.255.255.255 0 0

keeping in mind these settings......

now i want to define 1 Public IP for Exchange server for recevivng and sending.

please guide me.

2 REPLIES
Bronze

Re: Static IP

hello,

are you saying that you cannot send recevie any emails on exchange server after configuring what you did.

another question, after looking at your global and nat command it loooks like you are only making one IP to be natted which is trying to reach outside and it is your exchange server ip address.

therefore if that is that case then most likely you don't need global and nat all you need to do is configure static and have ACL to allow SMTP and POP3 on the outside interface like below

//to allow smtp

access-list acl_out permit tcp any host 202.X.X.43 eq smtp

//to allow pop3

access-list acl_out permit tcp any host 202.X.X.43 eq pop3

//to allow web access

access-list acl_out permit tcp any host 202.X.X.43 eq https

//to apply ACL on the outside interface

access-group acl_out in interface outside

HTH, please rate if it does

Community Member

Re: Static IP

is 202.X.X.43 the public IP you want to use for your exchange server? If so the

static (inside,outside) 202.X.X.43 172.16.0.55 netmask 255.255.255.255 0 0

command is correct. You must then allow access on your outside access-list to the public IP for receiving and allow access on the private IP on your inside access-list for sending.

291
Views
0
Helpful
2
Replies
CreatePlease to create content