i have a cisco pix 515e that sits in front of a symantec spam 8240 appliance. we need to nat the ip address of the box to a public ip 67.a.b.c which is done - no problem. what we need to do next is nat the virtual interface that is used for sending mail out to the same public ip. the virtual ip address cant accept mail from the outside.
i am looking for advice configuring this on the firewall.
This will be a problem. From your explanation I understand that you have configured NAT for the box. This means that everything arriving on 67.a.b.c is forwarded to the box's IP.
You cannot make an exception for SMTP or any other port/protocol so I think that you will need to use a different IP adress to xlate the virtual interface.
If you do not need to nat the whole ip adress to box outside adress you may use PAT to forward certain ports to one inside adress and other ports to a different one. In that way it will be possible to use one outside adress for both applications.
To use PAT you have to specify the desired protocol and port with the nat command:
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...