
Site to Site VPN: Static and Dynamic NAT

ventivcisco
Level 1

Overview of data flow. The other company is requiring us to NAT to the 192.168.x.x addresses.

- Outbound FTP traffic from any host to X needs to be NATed to a single IP address

- SMTP traffic needs to flow both ways to a NATed IP address (problem here is that our server will send email on 1 IP address and receive on another)

- Inbound FTP needs to go to a single NATed IP address

Our IPs are 10.10.x.x and we will be NATing to a 192.168.221.x address.

Two static NATs for inbound FTP and SMTP traffic

static (inside,outside) 192.168.221.241 10.10.x.y [This is for the inbound FTP]

static (inside,outside) 192.168.221.242 10.10.x.x [Inbound SMTP traffic]

Dynamic NAT for outbound FTP/SMTP

access-list mynat permit ip 10.10.0.0 255.255.0.0 host x.y.z.1 (traffic to FTP)

access-list mynat permit ip 10.10.0.0 255.255.0.0 host x.y.z.2 (traffic to their SMTP server)

nat (inside) 4 access-list mynat

global (outside) 4 192.168.221.243

Crypto access-list

access-list vpnacl permit ip 192.168.221.240 255.255.255.252 x.y.z.0 255.255.255.0

crypto map mymap 10 match address vpnacl

Thanks


ventivcisco
Level 1

I forgot to ask if anyone could let me know if this would work and if it is the best way to do it.

Thanks
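
Added example, not part of the original post: because the crypto ACL is matched against the translated addresses, a mapped address or policy-NAT destination that falls outside it never enters the tunnel. The sketch below checks that for a config shaped like the one in the post; the addresses replacing the x/y/z placeholders are constructed, the function names are hypothetical, and only the `static`, `nat`, `global`, `access-list ... permit ip` and `crypto map ... match address` forms shown in the post are parsed.

```python
import ipaddress
import re

# Constructed sample: the post's layout, with its x/y/z placeholders replaced
# by made-up addresses (10.10.1.x inside, 203.0.113.0/24 for the remote side).
SAMPLE_CONFIG = """\
static (inside,outside) 192.168.221.241 10.10.1.10
static (inside,outside) 192.168.221.242 10.10.1.20
access-list mynat permit ip 10.10.0.0 255.255.0.0 host 203.0.113.1
access-list mynat permit ip 10.10.0.0 255.255.0.0 host 203.0.113.2
nat (inside) 4 access-list mynat
global (outside) 4 192.168.221.243
access-list vpnacl permit ip 192.168.221.240 255.255.255.252 203.0.113.0 255.255.255.0
crypto map mymap 10 match address vpnacl
"""

def endpoint(words):
    """Parse 'host A' or 'A MASK' from the front of words; return (network, rest)."""
    if words[0] == "host":
        return ipaddress.ip_network(words[1] + "/32"), words[2:]
    return ipaddress.ip_network(f"{words[0]}/{words[1]}"), words[2:]

def acl_entries(config, name):
    """Return (source, destination) networks for each 'permit ip' line of ACL name."""
    entries = []
    for words in (line.lower().split() for line in config.splitlines()):
        if words[:4] == ["access-list", name, "permit", "ip"]:
            src, rest = endpoint(words[4:])
            entries.append((src, endpoint(rest)[0]))
    return entries

def referenced_acl(pattern, config):
    """Return the ACL name captured by pattern (lowercased), or None."""
    m = re.search(pattern, config, re.I | re.M)
    return m.group(1).lower() if m else None

def uncovered(config):
    """List translated addresses and NAT destinations the crypto ACL misses."""
    crypto = acl_entries(config, referenced_acl(r"^crypto map \S+ \d+ match address (\S+)", config))
    nat = acl_entries(config, referenced_acl(r"^nat \(\S+\) \d+ access-list (\S+)", config))
    # Post-NAT addresses: 3rd word of a static line, 4th word of a global line.
    mapped = [ipaddress.ip_address(w[2 if w[0] == "static" else 3])
              for w in (ln.lower().split() for ln in config.splitlines())
              if len(w) >= 4 and w[0] in ("static", "global")]
    problems = [f"source {a}" for a in mapped
                if not any(a in src for src, _ in crypto)]
    problems += [f"destination {dst}" for _, dst in nat
                 if not any(dst.subnet_of(cdst) for _, cdst in crypto)]
    return problems
```

Calling `uncovered(SAMPLE_CONFIG)` returns an empty list when every translated address and NAT destination is matched by the crypto ACL.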