Setting up a NAT rule on ASA 5520

I would think this is simple, but I cannot figure it out:

I want to set up a rule that forwards all SMTP traffic on IP address xxx.xxx.xxx.xxx (our firewall's IP) to our Exchange server at IP address yyy.yyy.yyy.yyy so that it can respond to handshake requests. I know that this is a NAT rule, but I cannot figure out how to do it. I would prefer to do it in the ASDM interface as I am a visual person.

So basically I want all outside traffic that is calling port 25 on xxx to go to port 25 on yyyy. I don't want any other ports on xxx touched as that is our main internet IP.

Please let me know
rustyrpage Asked:
 
batry_boy Commented:
Go to Configuration - Security Policy, then click Add.

Answer the fields on this screen in the following way:

Under "Interface and Action"
Interface : outside
Direction : incoming
Action : permit

Under "Source"
Type : click the pick list arrow and select "any"

Under "Destination"
Type : click the pick list arrow and select "interface IP"
Interface : outside

Under "Protocol and Service"
Protocol : tcp

Under "Source Port"
Leave default values

Under "Destination Port"
Leave the "Service" radio button enabled and leave the "=" sign there
Choose the pick list where it says "any" and change it to "smtp"

That should do it!
 
batry_boy Commented:
In the ASDM, go to Configuration - NAT, then click the Add button. Choose Static NAT rule.

Answer the fields on this screen in the following way:

Under "Real Address"
Interface : inside
IP Address : yyy.yyy.yyy.yyy
Netmask : 255.255.255.255

Under "Static Translation"
Interface : outside
IP Address : click the pick list arrow and select "(interface IP)"

Check the "Enable Port Address Translation (PAT)" box

Protocol : tcp
Original port : choose "smtp" from the list
Translated port : choose "smtp" from the list

Click OK, then apply and you're done!

This doesn't cover the ACL that you will need to apply to allow the inbound SMTP traffic through the firewall...this just sets up the port redirection for SMTP.  Reply back if you need help on the ACL part...
 
rustyrpage (Author) Commented:
How would I do the ACL...thanks
 
rustyrpage (Author) Commented:
Thanks for your help!
Question has a verified solution.
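
The two answers above are two halves of one change: the static PAT rule that redirects port 25, and the ACL entry that lets the traffic in. As an added example (not part of the thread), this Python check reads a pasted configuration and reports a forward with no matching permit, or a permit to the outside interface that no forward needs. It assumes the pre-8.3 ASA CLI forms that correspond to those ASDM screens; the addresses, the ACL name and the function names are constructed.

```python
import re

# Constructed sample in pre-8.3 ASA syntax; address and ACL name are placeholders.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface smtp 10.0.0.25 smtp netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-group outside_access_in in interface outside
"""

# Only the rule shapes discussed in this thread are recognised; other lines are ignored.
STATIC_PAT = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) interface (\S+) (\S+) (\S+) netmask 255\.255\.255\.255")
ACL_PERMIT = re.compile(
    r"^access-list (\S+) extended permit (\w+) any interface (\w+)(?: eq (\S+))?$")
ACL_BIND = re.compile(r"^access-group (\S+) in interface (\w+)")


def audit(config):
    """Return findings where a port forward and the inbound ACL disagree."""
    forwards, permits, bound = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_PAT.match(line):
            forwards.append((m[2], m[3], m[4]))       # (mapped interface, protocol, public port)
        elif m := ACL_PERMIT.match(line):
            permits.append((m[1], m[2], m[3], m[4]))  # (ACL, protocol, interface, port or None)
        elif m := ACL_BIND.match(line):
            bound[m[2]] = m[1]                        # interface -> ACL applied inbound
    findings = []
    for iface, proto, port in forwards:
        # The redirect alone passes no traffic: the ACL bound to that interface must permit it.
        if (bound.get(iface), proto, iface, port) not in permits:
            findings.append(f"forward {proto}/{port} on {iface} has no matching permit in a bound ACL")
    for acl, proto, iface, port in permits:
        # A permit to the interface address with no forward behind it is wider than needed.
        if bound.get(iface) == acl and (iface, proto, port) not in forwards:
            findings.append(f"{acl} permits {proto}/{port or 'any port'} to {iface} with no port forward")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "forward and ACL agree")
```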
