
New Member

Static/Dynamic NAT at the same time

Hello,

I was just wondering if this setup would work:

global (External) 1 1.1.1.1

nat (Internal) 1 192.168.0.0 255.255.0.0

static (Internal,External) tcp 1.1.1.2 smtp 192.168.1.28 smtp netmask 255.255.255.255

In that setup we are doing static NAT/port forwarding for 1.1.1.2 to 192.168.1.28 in the inbound direction but on the outbound direction 192.168.1.28 gets NAT'd to 1.1.1.1. Is that possible?

3 REPLIES

Re: Static/Dynamic NAT at the same time

No - the static nat command works in both directions, so host 192.168.1.28 will be NAT'd on the outbound to 1.1.1.2

HTH

New Member

Re: Static/Dynamic NAT at the same time

Hi,

Yes, it will work.

ASA checks NAT in the following priority:

1. NAT Exemption

2. Static NAT/PAT (Regular and Policy)

3. Policy Dynamic NAT

4. Regular Dynamic NAT

Since you are doing Static PAT, and it is bidirectional (1.1.1.2:25<->192.168.1.28:25).

And all applications initiated by 192.168.1.2 will match Regular Dynamic NAT rule 1 and use 1.1.1.1 as the translated IP.

Note: if 192.168.1.28 is your email server and sends outbound smtp then it is recommended to do static NAT. Since your outbound smtp will be 192.168.1.28:35570->smtp.xyz.com:25 and will match IP 1.1.1.1

Some antispam engines using reverse DNS lookup fail to match the IP (DNS record of smtp.yourdomain.com = 1.1.1.2) against email received from yourdomain.com with sender IP 1.1.1.1; this mismatch might lead to the mail being treated as spam.

H2H

Roshan
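The lookup order listed in the reply above, applied to the configuration from the question, as an added example that is not part of the original thread and is not Cisco's code. It is a simplified model: the function names are hypothetical, and it assumes a static PAT entry matches outbound traffic only when the real IP and real port are the packet's source.

```python
from ipaddress import ip_address, ip_network

# Rules transcribed from the configuration in the question.
# static (Internal,External) tcp 1.1.1.2 smtp 192.168.1.28 smtp
STATIC_PAT = [{"proto": "tcp", "mapped": ("1.1.1.2", 25), "real": ("192.168.1.28", 25)}]
# nat (Internal) 1 192.168.0.0 255.255.0.0  +  global (External) 1 1.1.1.1
DYNAMIC_NAT = [{"id": 1, "real_net": ip_network("192.168.0.0/16"), "global_ip": "1.1.1.1"}]


def translate_outbound(proto, src_ip, src_port):
    """Model an Internal -> External packet; returns (rule, translated_ip, translated_port)."""
    # 1. NAT exemption: none in this configuration.
    # 2. Static NAT/PAT. Assumption of this model: a static PAT entry matches
    #    outbound only when the real IP *and* real port are the source.
    for rule in STATIC_PAT:
        if rule["proto"] == proto and rule["real"] == (src_ip, src_port):
            return ("static-pat", *rule["mapped"])
    # 3. Policy dynamic NAT: none in this configuration.
    # 4. Regular dynamic NAT: nat/global pair with the same id.
    for rule in DYNAMIC_NAT:
        if ip_address(src_ip) in rule["real_net"]:
            return ("dynamic-nat", rule["global_ip"], None)  # port picked by the device
    return ("untranslated", src_ip, src_port)


def untranslate_inbound(proto, dst_ip, dst_port):
    """Model an External -> Internal packet; only the static PAT entry accepts new flows."""
    for rule in STATIC_PAT:
        if rule["proto"] == proto and rule["mapped"] == (dst_ip, dst_port):
            return ("static-pat", *rule["real"])
    return ("no-match", None, None)


def smtp_egress_mismatch(server_ip, published_ip, client_port=35570):
    """True when the server's outbound SMTP leaves from an IP other than the published one."""
    _, egress_ip, _ = translate_outbound("tcp", server_ip, client_port)
    return egress_ip != published_ip


if __name__ == "__main__":
    print(translate_outbound("tcp", "192.168.1.28", 35570))  # mail server as SMTP client
    print(translate_outbound("tcp", "192.168.1.28", 25))     # reply from the SMTP listener
    print(untranslate_inbound("tcp", "1.1.1.2", 25))         # inbound mail delivery
    print(smtp_egress_mismatch("192.168.1.28", "1.1.1.2"))
```

The last call is the check behind the note about antispam engines: it compares the address the mail server actually leaves from with the address published for it.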

New Member

Re: Static/Dynamic NAT at the same time

As I understand it (from your above config) your internal machine (192.168.1.28) will use the address 1.1.1.2 for all SMTP communications, all other communications will use the 1.1.1.1 address.

HTH

Steve
