11-01-2010 08:28 AM - edited 03-04-2019 10:19 AM
Hello Dears,
I have the following situation on a router. I have a mail relay agent (10.0.0.5) and I have to translate port 25 of my global address x.x.x.x:25 to it. The mail relay agent sends the received mail to the mail server which has the address 10.0.0.6. Then the mail server sends messages directly to the internet and I have to translate its address to the global x.x.x.x:25. It looks like this:
Message arrives at x.x.x.x:25 translates to -> 10.0.0.5:25. Then 10.0.0.5 sends mails to 10.0.0.6 (mail server).
When 10.0.0.6 (mail server) sends mail to the internet translates to -> x.x.x.x:25
Basically I have to translate the public x.x.x.x:25 to 10.0.0.5 when it enters the outside interface and translate 10.0.0.6 to x.x.x.x:25 when it goes out the interface.
I will be very grateful if somebody can help with that configuration issue.
Regards,
Ivaylo
11-01-2010 05:39 PM
Hi,
Is this an ASA?
If so you can do the following...
static (inside,outside) tcp x.x.x.x 25 10.0.0.5 25
nat (inside) 1 10.0.0.6 255.255.255.255
global (outside) 1 x.x.x.x netmask 255.255.255.255
The static NAT above will translate the inbound traffic to the Mail Relay Server when reaching the x.x.x.x address on TCP port 25 and redirect it to 10.0.0.5 on port 25.
The nat/global commands will translate the packets from 10.0.0.6 to the Internet to x.x.x.x for outbound traffic.
Hope it helps.
Federico.
11-02-2010 12:34 AM
Hi Federico,
Thank you for the response but the problem is that it is not an ASA. It is a router. I cannot figure out how to do the NAT on a router.
If someone can give a hint it'll be great.
Thanks,
Ivaylo
11-02-2010 09:10 AM
If it's a router the configuration will be something like this:
ip nat inside source static tcp 10.0.0.5 25 x.x.x.x 25
ip access-list extended NAT
 permit ip host 10.0.0.6 any
! y.y.y.y is a placeholder for the netmask of the outside subnet
ip nat pool mypool x.x.x.x x.x.x.x netmask y.y.y.y
ip nat inside source list NAT pool mypool
In this way, inbound connections to x.x.x.x on port 25 will be redirected to 10.0.0.5 on port 25.
Outbound connections from 10.0.0.6 will get translated to the NAT pool (which is composed of x.x.x.x)
Federico.
11-02-2010 01:05 PM
That is a correct configuration but when you have an outbound connection server's address 10.0.0.6 will get translated with a random port, not port 25, since it is statically reserved from the statement ip nat inside source tcp 10.0.0.5 25 x.x.x.x 25. I need to keep port 25 as well.
Ivaylo
11-02-2010 01:49 PM
Let's see...
If you have a mail server that you want to access from the outside on port 25 you then have:
ip nat inside source static tcp PRIVATE_IP 25 PUBLIC_IP 25
The traffic that is sent to PUBLIC_IP on port 25 will be redirected to PRIVATE_IP on port 25.
Even with the above configuration, when PRIVATE_IP initiates outbound traffic it will take a random port as its source port to create the connection.
Please clarify...
You don't need host 10.0.0.6 to use source port 25 when initiating outbound connections, correct?
You need host 10.0.0.6 to use port 25 when responding to requests from the outside?
If you send a request to host 10.0.0.6 on port 25, the response will come from source port 25.
Federico.
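Added example, not part of the thread and not Cisco code: a small Python model of the translation table discussed above, showing that the static entry reserves public port 25 for the relay while outbound SMTP from 10.0.0.6 only needs an ephemeral source port. It assumes port address translation on a single public address; 203.0.113.10 is a constructed stand-in for x.x.x.x, and the class and function names are hypothetical.

```python
PUBLIC = "203.0.113.10"            # constructed stand-in for x.x.x.x
RELAY, SERVER = "10.0.0.5", "10.0.0.6"

class NatTable:
    """Simplified model of static port forwarding plus dynamic PAT."""
    def __init__(self, public_ip, acl_hosts):
        self.public_ip = public_ip
        self.acl_hosts = set(acl_hosts)   # inside hosts permitted by the NAT ACL
        self.static = {}                  # public port -> (inside ip, inside port)
        self.dynamic = {}                 # public port -> (inside ip, inside port)

    def add_static_tcp(self, inside_ip, inside_port, public_port):
        self.static[public_port] = (inside_ip, inside_port)

    def _free(self, port, owner):
        # A public port is usable if no static entry holds it and any
        # existing dynamic entry already belongs to the same inside socket.
        if port in self.static:
            return False
        return self.dynamic.get(port, owner) == owner

    def outbound(self, src_ip, src_port):
        """Translate an inside source; returns (public ip, public port)."""
        owner = (src_ip, src_port)
        for public_port, inside in self.static.items():
            if inside == owner:           # static entries apply in both directions
                return self.public_ip, public_port
        if src_ip not in self.acl_hosts:
            raise PermissionError(f"{src_ip} is not matched by the NAT ACL")
        port = src_port                   # keep the source port when it is free
        if not self._free(port, owner):
            port = next(p for p in range(1024, 65536) if self._free(p, owner))
        self.dynamic[port] = owner
        return self.public_ip, port

    def inbound(self, dst_port):
        """Resolve a packet sent to the public address; None means no entry."""
        return self.static.get(dst_port) or self.dynamic.get(dst_port)

def demo():
    nat = NatTable(PUBLIC, acl_hosts=[SERVER])
    nat.add_static_tcp(RELAY, 25, 25)
    return {
        "inbound_smtp": nat.inbound(25),                # delivered to the relay
        "server_out": nat.outbound(SERVER, 49152),      # client to remote port 25
        "server_reply": nat.inbound(49152),             # return traffic
        "server_from_25": nat.outbound(SERVER, 25),     # public port 25 is reserved
        "unsolicited": nat.inbound(2525),               # no entry, not forwarded
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```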