02-25-2018 12:38 PM - edited 02-21-2020 07:26 AM
Hello!
I am new to ASDM, so please bear with me if my question does not make sense.
The situation:
We have a Cisco ASA 5505 and a range of IPs going from x.x.x.40 to 46. Two of the IPs are mapped to sub-domains, namely:
x.x.x.42 -> mail.company.com
x.x.x.44 -> vpn.company.com
The outside interface of the ASA is mapped to .44 so people can access the VPN using the vpn.company.com address. Using NAT, people can access the webmail using the mail.company.com address. We have our own mail server on the inside interface of the ASA.
Now, when we send out e-mails they can be traced back to the .44 IP, which is set up with reverse DNS that points back to mail.company.com. However, we have been experiencing that some of our mails are classified as spam, since mail.company.com points to the .42 IP and not the .44 IP.
My question is: is there a way that I can use NAT to translate mails (i.e. SMTP) to be sent from the .42 IP when my outside interface is set up with the .44 IP?
If not, is there any other way I can have my emails sent from the same IP as the mail.company.com subdomain without compromising VPN connectivity? I have full access to the DNS settings of our domain.
Thanks in advance!
02-25-2018 01:40 PM
You can NAT in whatever IP you want. You could also specify the service, so only email traffic will use the .42 IP.
The steps in ASDM should be something like:
Configuration -> Firewall -> NAT Rules -> Add Network Object -> Add Automatic Address Translation Rules
Type: Dynamic PAT
Translated Addr: .42
Advanced -> Service
Protocol: tcp
Real and Mapped port: 25
HTH
Bogdan
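Added example, not part of the thread and not Cisco code: a forward-confirmed reverse DNS (FCrDNS) check of the kind receiving mail servers apply, which is why mail leaving from .44 while mail.company.com resolves to .42 gets scored as spam. The addresses (192.0.2.0/24), the example.com names and the `PTR_AFTER` table, which assumes a PTR record has been added for .42, are constructed placeholders.

```python
import ipaddress
import socket

def live_ptr(ip):
    """PTR names for ip via the system resolver (used outside the demo)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_a(name):
    """IPv4 addresses for name via the system resolver (used outside the demo)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=live_ptr, a_lookup=live_a):
    """FCrDNS: at least one PTR name of ip must resolve back to ip."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return False, "no PTR record"
    for name in names:
        if any(ipaddress.ip_address(a) == addr for a in a_lookup(name)):
            return True, f"{name} resolves back to {ip}"
    return False, f"PTR {names} resolves to other addresses, not {ip}"

# Constructed records mirroring the thread; placeholders, not the poster's values.
A_RECORDS = {"mail.example.com": ["192.0.2.42"], "vpn.example.com": ["192.0.2.44"]}
PTR_BEFORE = {"192.0.2.44": ["mail.example.com."]}  # as described in the question
PTR_AFTER = {"192.0.2.42": ["mail.example.com."]}   # assumption: PTR added for .42

def check(ip, ptr_table):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: ptr_table.get(i, []), lambda n: A_RECORDS.get(n, []))

if __name__ == "__main__":
    print("SMTP from .44, original DNS:", check("192.0.2.44", PTR_BEFORE))
    print("SMTP from .42, no PTR yet:  ", check("192.0.2.42", PTR_BEFORE))
    print("SMTP from .42, PTR added:   ", check("192.0.2.42", PTR_AFTER))
```

Calling `fcrdns("<public sending IP>")` with the default resolvers runs the same check against live DNS once the NAT rule is in place.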
02-26-2018 03:03 AM
Hello! Thanks for your reply!
I assume I should do this after implementing Bogdan's solution? I am also looking at the SPF, but I am currently waiting for a reply from the people handling our newsletter since they changed the SPF record to make it work with MailChimp.