Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Setting up a NAT rule on ASA 5520

Posted on 2007-12-05
4
Medium Priority
?
1,411 Views
Last Modified: 2010-04-21
I would think this is simple, but I cannot figure it out:

I want to set up a rule that forwards all SMTP traffic on IP address xxx.xxx.xxx.xxx (our firewall's IP) to our Exchange server at IP address yyy.yyy.yyy.yyy so that it can respond to handshake requests.  I know that this is a NAT rule, but I cannot figure out how to do it.  I would prefer do it in the ASDM interface as I am a visual person.

So basically I want all outside traffic that is calling port 25 on xxx to go to port 25 on yyyy.  I don't want any any ports on xxx touched as that is our main internet IP.

Please let me know
0
Comment
Question by:rustyrpage
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 20413356
In the ASDM, go to Configuration - NAT, then click the Add button. Choose Static NAT rule.

Answer the fields on this screen in the following way:

Under "Real Address"
Interface : inside
IP Address : yyy.yyy.yyy.yyy
Netmask : 255.255.255.255

Under "Static Translation"
Interface : outside
IP Address : click the pick list arrow and select "(interface IP)"

Check the "Enable Port Address Translation (PAT)" box

Protocol : tcp
Original port : choose "smtp" from the list
Translated port : choose "smtp" from the list

Click OK, then apply and you're done!

This doesn't cover the ACL that you will need to apply to allow the inbound SMTP traffic through the firewall...this just sets up the port redirection for SMTP.  Reply back if you need help on the ACL part...
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 20413367
How would I do the ACL...thanks
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 2000 total points
ID: 20413491
Go to Configuration - Security Policy, then click Add.

Answer the fields on this screen in the following way:

Under "Interface and Action"
Interface : outside
Direction : incoming
Action : permit

Under "Source"
Type : click the pick list arrow and select "any"

Under "Destination"
Type : click the pick list arrow and select "interface IP"
Interface : outside

Under "Protocol and Service"
Protocol : tcp

Under "Source Port"
Leave default values

Under "Destination Port"
Leave the "Service" radio button enabled and leave the "=" sign there
Choose the pick list where it says "any" and change it to "smtp"

That should do it!
0
 
LVL 6

Author Closing Comment

by:rustyrpage
ID: 31412901
Thanks for your help!
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question