Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

1 to 2 NAT

I am trying to get our mail server to talk through two different NAT addresses.

One is to a public IP that works and has been in place.

We've recently partnered with another company and we need to send email to their domain through a VPN.

The VPN is operational.

Our Firewall is an ASA 5520 and it act as both the firewall and the VPN.

What is happening is servers, such as our mail server that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: 1 to 2 NAT

westcare wrote:

I am trying to get our mail server to talk through two different NAT addresses.

One is to a public IP that works and has been in place.

We've recently partnered with another company and we need to send email to their domain through a VPN.

The VPN is operational.

Our Firewall is an ASA 5520 and it act as both the firewall and the VPN.

What is happening is servers, such as our mail server that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.

Assuming remote VPN network is 172.16.5.0/24 and your mail server is 192.168.5.10 try this

access-list pnat permit ip host 192.168.5.10 172.16.5.0 255.255.255.0

static (inside,outside) access-list pnat

Jon

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

2 REPLIES
Hall of Fame Super Blue

Re: 1 to 2 NAT

westcare wrote:

I am trying to get our mail server to talk through two different NAT addresses.

One is to a public IP that works and has been in place.

We've recently partnered with another company and we need to send email to their domain through a VPN.

The VPN is operational.

Our Firewall is an ASA 5520 and it act as both the firewall and the VPN.

What is happening is servers, such as our mail server that are already NATed to a public IP are trying to use the public translation instead of the VPN translation.

Assuming remote VPN network is 172.16.5.0/24 and your mail server is 192.168.5.10 try this

access-list pnat permit ip host 192.168.5.10 172.16.5.0 255.255.255.0

static (inside,outside) access-list pnat

Jon

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

New Member

Re: 1 to 2 NAT

Thanks for the reply this works.

I also had to remove the 1st NAT for the public IP and put it back in, so the VPN NAT would be higher list.

197
Views
0
Helpful
2
Replies