Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cannot static nat to MX recorded IP on ASA.

Hi ,

Maybe there is a rule that I'm not aware of so here I am. I was previously using my mail server behind my ISA server which in turn had a direct(real) IP. This same IP has an MX record as pointing to my mail server and once mails hit my ISA , the ISA redirects ports 110,25 & 80 for the WEb access to the Mail server.

Now I am introducing an ASA5520 and I tried to put another REAL ip in the range for my external interface while creating a Static Nat for my REAL (MXed) IP , but that just doesnt seem to be working.

Basically unless my MXed IP is on a physical interface ( like NIC of server or Outside of ASA) , i cannot ping it. IF i position this MXed IP on the outside interface and then try a static nat for any of the other IPs in the range, it works just fine..weird aint it ???

Suggestions?

2 REPLIES
Gold

Re: Cannot static nat to MX recorded IP on ASA.

the way to achieve this objective is to configure

static, and inbound acl.

depending on the number of public ip available, the configuration would be different.

1. a single public ip

static (inside,outside) tcp interface 25 25 netmask 255.255.255.255

static (inside,outside) tcp interface 110 110 netmask 255.255.255.255

clear xlate local

access-list 111 permit tcp any interface outside eq 25

access-list 111 permit tcp any interface outside eq 110

access-group 111 in interface outside

2. with multiple public ips:

static (inside,outside) netmask 255.255.255.255

clear xlate

access-list 111 permit tcp any host eq 25

access-list 111 permit tcp any host eq 110

access-group 111 in interface outside

Gold

Re: Cannot static nat to MX recorded IP on ASA.

the rating indicated that the information provided is not valuable.

please feel free to discuss further.

98
Views
2
Helpful
2
Replies
CreatePlease to create content