For smtp traffic coming in, I need to send the traffic to a Spam filter device, and the www traffic to the OWA box (inside the DMZ). When the mail goes out from the Exchange Server I need it to use a different global(outside) than the other address so that it is on the address with the Reverse DNS entry. So far I have:
access-list inbound line 2 permit tcp any host x.x.x.124 eq smtp (hitcnt=245082)
access-list inbound line 4 permit tcp any host x.x.x.124 eq www (hitcnt=2623)
The problem I have is when I add the nat (inside) 25 rule, then the Exchange server no longer routes past the PIX to the internet on outbound connections, but I can still connect to it remotely via RDP. I have run a clear xlate, and still cannot get it to traverse the PIX and talk out on the x.x.x.124 address.
This same config works for me on another client's PIX, it just doesn't want to work here. They are both version 6.3. The one that works is 6.3(4) while this one is 6.3(1). Is it a bug in that revision, or am I missing something else?
1) Is the outside global address used in "global (outside) 25" identical to the one previously used?
2) According to your statements:
global (outside) 25 x.x.x.124
nat (inside) 25 192.168.0.20 255.255.255.255 0 0
You want to translate a single inside local IP 22.214.171.124 in the inside to the inside global x.x.x.124.
But this is a one-to-one translation! And this is equivalent to:
static (inside, outside) x.x.x.124 192.168.0.20
And if the last x.x.x.124 is the same as previously used, you should have a problem with the "global (outside) 25" and even with the "static" command I have proposed, because you can use the same outside global address in different static commands only if you use different ports (policy NAT).
So I suggest the following, if I understood what you want:
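Added example, not part of the thread and not the configuration the reply goes on to suggest (that text is missing from this page): a Python check that answers question 1 mechanically by listing every mapped address that a saved PIX 6.3 configuration uses in both a `global` pool and a `static`, or in statics that collide. The sample configuration is constructed; 203.0.113.124 stands in for the redacted x.x.x.124, and the dmz hosts and port statics are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in PIX 6.3 syntax. 203.0.113.124 stands in for the redacted
# x.x.x.124; the two port statics and the dmz hosts are assumptions.
SAMPLE_CONFIG = """\
global (outside) 1 interface
global (outside) 25 203.0.113.124
nat (inside) 25 192.168.0.20 255.255.255.255 0 0
static (dmz,outside) tcp 203.0.113.124 smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.0.113.124 www 192.168.1.11 www netmask 255.255.255.255 0 0
"""

def parse(config):
    pools, statics = [], []
    for line in config.splitlines():
        tok = line.replace("(", " ").replace(")", " ").replace(",", " ").split()
        if len(tok) >= 4 and tok[0] == "global":
            pools.append({"if": tok[1], "nat_id": tok[2], "addr": tok[3]})
        elif len(tok) >= 7 and tok[0] == "static" and tok[3] in ("tcp", "udp"):
            statics.append({"if": tok[2], "addr": tok[4], "port": (tok[3], tok[5])})
        elif len(tok) >= 5 and tok[0] == "static":
            statics.append({"if": tok[2], "addr": tok[3], "port": None})
    return pools, statics

def in_pool(addr, pool):
    """True if addr equals the pool entry or falls inside a first-last range."""
    try:
        lo, hi = (ipaddress.ip_address(p) for p in pool.split("-", 1))
        return lo <= ipaddress.ip_address(addr) <= hi
    except ValueError:  # single address, or the keyword "interface"
        return addr == pool

def address_reuse(config):
    """List (address, where, detail) for every mapped address used twice."""
    pools, statics = parse(config)
    found = [(s["addr"], "global " + g["nat_id"],
              "port static" if s["port"] else "one-to-one static")
             for g in pools for s in statics
             if g["if"] == s["if"] and in_pool(s["addr"], g["addr"])]
    by_addr = defaultdict(list)
    for s in statics:
        by_addr[(s["if"], s["addr"])].append(s["port"])
    for (_, addr), ports in by_addr.items():
        # Statics may share an address only with distinct protocol/port pairs.
        if len(ports) > len(set(ports)) or (None in ports and len(ports) > 1):
            found.append((addr, "static", "conflicting statics"))
    return found
```

Calling `address_reuse()` on the text of `show running-config` returns one row per overlap; an empty list means no mapped address is shared.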