Overview of data flow. The other company is requiring us to NAT to the 192.168.x.x addresses.
- Outbound FTP traffic from any host to X needs to be NATed to a single IP address
- SMTP traffic needs to flow both ways to a NATed IP address (problem here is that our server will send email on 1 IP address and receive on another)
- Inbound FTP needs to go to a single NATed IP address
Our IPs are 10.10.x.x and we will be NATing to a 192.168.221.x address.
Two static NATs for inbound FTP and SMTP traffic
! Inbound FTP
static (inside,outside) 192.168.221.241 10.10.x.y
! Inbound SMTP traffic
static (inside,outside) 192.168.221.242 10.10.x.x
Dynamic NAT for outbound FTP/SMTP
! Traffic to their FTP server
access-list mynat permit ip 10.10.0.0 255.255.0.0 host x.y.z.1
! Traffic to their SMTP server
access-list mynat permit ip 10.10.0.0 255.255.0.0 host x.y.z.2
nat (inside) 4 access-list mynat
global (outside) 4 192.168.221.243
Crypto access list
access-list vpnacl permit ip 192.168.221.240 255.255.255.252 x.y.z.0 255.255.255.0
crypto map mymap 10 match address vpnacl
Thanks
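
An added example, not part of the original post: a short Python check that every translated address on the static and global lines above falls inside the source range of the crypto access list, because the tunnel only carries traffic that matches that list after translation. The function names are hypothetical, the remote x.y.z placeholders are left unparsed, and the parser assumes only the line forms shown in the post.

```python
import ipaddress
import re

# Configuration lines taken from the post; the remote side keeps the
# post's x.y.z placeholders and is deliberately not parsed.
CONFIG = """\
static (inside,outside) 192.168.221.241 10.10.x.y
static (inside,outside) 192.168.221.242 10.10.x.x
global (outside) 4 192.168.221.243
access-list vpnacl permit ip 192.168.221.240 255.255.255.252 x.y.z.0 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"

def translated_addresses(config):
    """Return the mapped (post-NAT) addresses from static and global lines."""
    found = []
    for line in config.splitlines():
        m = (re.match(r"static\s+\(\w+,\w+\)\s+" + IP, line, re.I)
             or re.match(r"global\s+\(\w+\)\s+\d+\s+" + IP, line, re.I))
        if m:
            found.append(ipaddress.ip_address(m.group(1)))
    return found

def crypto_sources(config, acl_name):
    """Return source networks of 'permit ip <net> <mask> ...' entries."""
    pattern = (r"access-list\s+" + re.escape(acl_name)
               + r"\s+permit\s+ip\s+" + IP + r"\s+" + IP)
    nets = []
    for line in config.splitlines():
        m = re.match(pattern, line, re.I)
        if m:
            # ip_network accepts "address/netmask" notation directly.
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return nets

def uncovered(config, acl_name):
    """Translated addresses that no crypto ACL source network contains."""
    nets = crypto_sources(config, acl_name)
    return [a for a in translated_addresses(config)
            if not any(a in n for n in nets)]

if __name__ == "__main__":
    missing = uncovered(CONFIG, "vpnacl")
    for addr in translated_addresses(CONFIG):
        print(addr, "MISSING from vpnacl" if addr in missing else "covered")
```

The 255.255.255.252 mask spans 192.168.221.240 through .243, so all three translated addresses in the post are covered; a translated address outside that range would be reported as missing.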