03-16-2006 02:37 AM - edited 02-21-2020 12:46 AM
Hi ,
Maybe there is a rule that I'm not aware of so here I am. I was previously using my mail server behind my ISA server which in turn had a direct(real) IP. This same IP has an MX record as pointing to my mail server and once mails hit my ISA , the ISA redirects ports 110,25 & 80 for the WEb access to the Mail server.
Now I am introducing an ASA5520 and I tried to put another REAL ip in the range for my external interface while creating a Static Nat for my REAL (MXed) IP , but that just doesnt seem to be working.
Basically unless my MXed IP is on a physical interface ( like NIC of server or Outside of ASA) , i cannot ping it. IF i position this MXed IP on the outside interface and then try a static nat for any of the other IPs in the range, it works just fine..weird aint it ???
Suggestions?
03-16-2006 03:55 PM
the way to achieve this objective is to configure
static, and inbound acl.
depending on the number of public ip available, the configuration would be different.
1. a single public ip
static (inside,outside) tcp interface 25
static (inside,outside) tcp interface 110
clear xlate local
access-list 111 permit tcp any interface outside eq 25
access-list 111 permit tcp any interface outside eq 110
access-group 111 in interface outside
2. with multiple public ips:
static (inside,outside)
clear xlate
access-list 111 permit tcp any host
access-list 111 permit tcp any host
access-group 111 in interface outside
03-18-2006 07:13 AM
the rating indicated that the information provided is not valuable.
please feel free to discuss further.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: