FOS 6.22 on PIX 515E. Mail server behind firewall needs to send and receive mail. Only have a few IP addresses on outside subnet. Using static PAT (for SMTP) to map mail server to outside interface so as to direct inbound SMTP messages to mail server and conserve IPs. Mail server also needs to initiate conx outbound to send mail. Was advised to use NAT and global for outbound conx using address assigned to outside interface as NAT address for mail server. Will this not create a translation issue if a static translation already exists for the mail server? Is the NAT and global necessary if the static PAT exists? Or is there a better way of setting this up with limited outside IPs?
The document suggests a good method. Unfortunately I have limited IP addresses on the outside so had resorted to port redirection (static PAT). I've basically got only one available IP outside. Any ideas?
With your suggestion, once the static translation is built will it permit the mail server to send mails outbound as well, or is another translation required?
What I have not told you (to make the original question easier to comprehend) is that I actually have 3 internal servers in addition to the mail server that need to initiate outbound connections only. I doubt that with one IP that this could be done as I would have to use PAT for the other servers using the sole outside IP. As far as I am aware, you cannot PAT and static on the same global (outside) IP. Bit of a nightmare, huh! Is it just a case of getting more IPs?
If you have only one public IP address and one mail server on the inside, the config I posted will work for your mail server for both inbound and outbound SMTP traffic. Make sure that your ISP MX record is pointing to your outside PIX interface IP address for SMTP.
If you've got more than one mail server behind the PIX, then the better option would be to obtain further public IP addresses for those additional servers. But the config I posted for the one IP address will not work and you'll need to modify your config accordingly with ACLs and statics.
Hope this helps and let me know if you require further help.
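Added example, not posted by anyone in this thread: a PIX 6.x configuration sketch in which a static PAT for inbound SMTP and an interface PAT for outbound connections share the single outside address. The addresses are constructed for illustration (203.0.113.2 as the outside interface address, 192.168.1.10 as the mail server, 192.168.1.11-13 as the three other servers), as are the ACL name and NAT ID.

```text
: Constructed addresses, not taken from the thread:
:   outside interface  203.0.113.2
:   mail server        192.168.1.10
:   other servers      192.168.1.11 - 192.168.1.13

: Inbound: static PAT sends TCP/25 arriving on the outside
: interface address to the mail server.
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0

: Allow only SMTP in from the outside, and only to that address.
access-list outside_in permit tcp any host 203.0.113.2 eq smtp
access-group outside_in in interface outside

: Outbound: dynamic PAT on the outside interface address, limited
: to the hosts that need to initiate connections. The static PAT
: above covers only port 25 toward the mail server, so the mail
: server's own outbound sessions use this translation.
nat (inside) 1 192.168.1.10 255.255.255.255 0 0
nat (inside) 1 192.168.1.11 255.255.255.255 0 0
nat (inside) 1 192.168.1.12 255.255.255.255 0 0
nat (inside) 1 192.168.1.13 255.255.255.255 0 0
global (outside) 1 interface
```

After loading, `show static`, `show nat`, `show global` and `show xlate` let you confirm that the port-25 static entry and the dynamic PAT entries are both present.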