Posted by K.J. 44 on September 14, 2006, 11:30 am
Okay, my last post before I wait for a response (I feel like I am
talking to myself :) )
What I want is to have JUST SMTP traffic from the server translated to
PUBLIC IP #2. All other traffic from everyone translated to PUBLIC
IP #1. I thought I could do that with policy NAT.
Thanks in advance.
K.J. 44 wrote:
> Okay, well, I can't even do the last command, so someone please shed some
> light for me.
>
> Thanks.
>
> K.J. 44 wrote:
> > When my server sends mail, it is getting translated with the PAT
> > instead of the policy NAT. This is not good. Mail is going through,
> > but mail will not be able to come in like this.
> >
> > There has to be something wrong with the ACL.
> >
> > access-list policy_PAT_SMTP permit tcp host 192.168.1.4 any eq 25
> > -- A match if the source address is the server and destination address
> > is anything using port 25
> >
> > access-list policy_PAT_SMTP permit tcp host 192.168.1.4 eq 25 any
> > -- A match if the source is the server on port 25 to anywhere
> >
> > Now, with the policy NAT, the reverse is true, right? So the second
> > rule can also be read as "A match if the source is anywhere and the
> > destination is the server on port 25."
> >
> > Would I need to create a second Policy NAT that had something like:
> >
> > access-list policy_outside_SMTP permit tcp any host PUBLIC.IP eq 25
> > static (outside,inside) PRIVATE.IP access-list policy_outside_SMTP
> >
> > thanks.
> > K.J. 44 wrote:
> > > Hi,
> > >
> > > I would like to first say thanks to all who have helped me with my ASA.
> > > It has been my first time working with one and it has been interesting
> > > learning it. For those of you helping me before, I have no idea why it
> > > wouldn't let anything through. I simply removed everything, and put it
> > > all back in one at a time, testing each time. Now it is working.
> > > There must be something I am missing but when I look at my old configs
> > > and my new configs, they look almost identical. It doesn't matter
> > > because it is working....
> > >
> > > Now my current issue is this. I am trying to configure static policy
> > > NAT to check an ACL to see if the information is coming from or
> > > destined to my server on port 25, so that mail traffic has a different
> > > public IP than everything else. My current PAT for everything else is
> > > working fine. Here is my ACL and NAT statement:
> > >
> > > access-list policy_PAT_SMTP permit tcp host 192.168.1.4 any eq 25
> > > access-list policy_PAT_SMTP permit tcp host 192.168.1.4 eq 25 any
> > >
> > > static (inside,outside) PUBLIC.IP.2 access-list policy_PAT_SMTP
> > >
> > > Here is my normal PAT which works fine: (from sh nat command)
> > >
> > > match ip inside 192.168.0.0 255.255.0.0 outside any dynamic translation
> > > to pool 2 (PUBLIC.IP.1)
> > >
> > > There are no hits on the policy NAT. Does anybody see anything
> > > glaringly wrong? I have been trying to telnet in on port 25 to test my
> > > mail server's connectivity.
> > >
> > > Thanks.
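The thread turns on two things the poster is reasoning about: how the ASA reads a policy-NAT access-list in the reverse direction (the "second rule can also be read as" question), and why only the server's SMTP traffic should end up on PUBLIC.IP.2 while everything else stays on the dynamic PAT. The script below is an added worked model, not part of the thread and not Cisco code: it parses the two access-list lines exactly as the poster wrote them, matches constructed flows against them in both directions (inbound flows are checked with source and destination swapped, which is how an (inside,outside) policy ACL is applied to return traffic), and applies the ASA 7.x NAT precedence in which static policy NAT is consulted before dynamic nat/global PAT. The flow addresses, ports and the `PUBLIC.IP.x` placeholder strings are constructed for the example; the ACE syntax it parses is only the subset that appears in the thread.

```python
"""Model of how an ASA 7.x static policy NAT access-list selects a flow.

Added example for the thread above; it is not ASA code and not the poster's.
Simplifications (assumptions): inbound flows are given with the server's real
(inside) address as destination, there is no xlate state, and only the
'permit tcp <addr> [eq P] <addr> [eq P]' ACE form from the thread is parsed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The two ACEs quoted in the thread, copied verbatim.
POLICY_ACL = [
    "access-list policy_PAT_SMTP permit tcp host 192.168.1.4 any eq 25",
    "access-list policy_PAT_SMTP permit tcp host 192.168.1.4 eq 25 any",
]
# The range the poster's dynamic PAT covers (from the 'sh nat' output quoted).
PAT_REAL = ipaddress.ip_network("192.168.0.0/16")
STATIC_MAPPED = "PUBLIC.IP.2"   # placeholder, as in the thread
PAT_POOL = "PUBLIC.IP.1"        # placeholder, as in the thread


@dataclass
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Ace:
    name: str
    action: str
    proto: str
    src: ipaddress.IPv4Network
    sport: Optional[int]
    dst: ipaddress.IPv4Network
    dport: Optional[int]
    text: str


def _addr(tokens, i):
    """Consume 'any', 'host A' or 'A MASK' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def _port(tokens, i):
    """Consume an optional 'eq PORT' at tokens[i]; return (port or None, next index)."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    name, action, proto = t[1], t[2], t[3]
    src, i = _addr(t, 4)
    sport, i = _port(t, i)       # a port right after the source binds to the source
    dst, i = _addr(t, i)
    dport, i = _port(t, i)       # a port after the destination binds to the destination
    return Ace(name, action, proto, src, sport, dst, dport, line)


def ace_matches(ace: Ace, flow: Flow) -> bool:
    return (ace.proto in ("ip", flow.proto)
            and ipaddress.ip_address(flow.src) in ace.src
            and ipaddress.ip_address(flow.dst) in ace.dst
            and (ace.sport is None or ace.sport == flow.sport)
            and (ace.dport is None or ace.dport == flow.dport))


def policy_match(acl, flow: Flow, direction: str) -> Optional[Ace]:
    """Return the ACE that selects this flow for the static policy NAT, or None.

    direction: 'outbound' (inside -> outside) or 'inbound' (outside -> inside).
    The ACL is written from the inside host's point of view, so an inbound
    flow is compared after swapping its source and destination.
    """
    f = flow
    if direction == "inbound":
        f = Flow(flow.proto, flow.dst, flow.dport, flow.src, flow.sport)
    for ace in acl:
        if ace.action == "permit" and ace_matches(ace, f):
            return ace
    return None


def choose_translation(acl, flow: Flow, direction: str):
    """NAT precedence modelled: static policy NAT first, then dynamic PAT."""
    if policy_match(acl, flow, direction) is not None:
        return ("static-policy", STATIC_MAPPED)
    if direction == "outbound" and ipaddress.ip_address(flow.src) in PAT_REAL:
        return ("dynamic-pat", PAT_POOL)
    return ("none", None)


def demo():
    """Constructed flows: the cases the poster cares about, with the result for each."""
    acl = [parse_ace(line) for line in POLICY_ACL]
    cases = {
        "server sends mail":        (Flow("tcp", "192.168.1.4", 41234, "203.0.113.10", 25), "outbound"),
        "remote MTA delivers mail": (Flow("tcp", "203.0.113.10", 51000, "192.168.1.4", 25), "inbound"),
        "server browses the web":   (Flow("tcp", "192.168.1.4", 41235, "203.0.113.10", 80), "outbound"),
        "another host sends mail":  (Flow("tcp", "192.168.5.9", 41236, "203.0.113.10", 25), "outbound"),
    }
    results = {}
    for label, (flow, direction) in cases.items():
        ace = policy_match(acl, flow, direction)
        results[label] = (choose_translation(acl, flow, direction),
                          None if ace is None else POLICY_ACL.index(ace.text))
    return results


if __name__ == "__main__":
    for label, (xlate, ace_idx) in demo().items():
        print(f"{label:26s} -> {xlate}  (ACE {ace_idx})")
```

Run stand-alone, the model shows the first ACE catching the server's outbound SMTP and the second ACE catching inbound SMTP to the server, with both landing on PUBLIC.IP.2, while the server's non-SMTP traffic and other hosts' SMTP fall through to the dynamic PAT on PUBLIC.IP.1. The model is stateless; on a real ASA a translation the dynamic PAT already built for the server is kept in the xlate table after the static is added, so `show xlate` for 192.168.1.4 is worth checking alongside the hit counters before concluding the ACL itself is wrong.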