Solved

Setting up a NAT rule on ASA 5520

Posted on 2007-12-05
4
1,404 Views
Last Modified: 2010-04-21
I would think this is simple, but I cannot figure it out:

I want to set up a rule that forwards all SMTP traffic on IP address xxx.xxx.xxx.xxx (our firewall's IP) to our Exchange server at IP address yyy.yyy.yyy.yyy so that it can respond to handshake requests.  I know that this is a NAT rule, but I cannot figure out how to do it.  I would prefer do it in the ASDM interface as I am a visual person.

So basically I want all outside traffic that is calling port 25 on xxx to go to port 25 on yyyy.  I don't want any any ports on xxx touched as that is our main internet IP.

Please let me know
0
Comment
Question by:rustyrpage
  • 2
  • 2
4 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 20413356
In the ASDM, go to Configuration - NAT, then click the Add button. Choose Static NAT rule.

Answer the fields on this screen in the following way:

Under "Real Address"
Interface : inside
IP Address : yyy.yyy.yyy.yyy
Netmask : 255.255.255.255

Under "Static Translation"
Interface : outside
IP Address : click the pick list arrow and select "(interface IP)"

Check the "Enable Port Address Translation (PAT)" box

Protocol : tcp
Original port : choose "smtp" from the list
Translated port : choose "smtp" from the list

Click OK, then apply and you're done!

This doesn't cover the ACL that you will need to apply to allow the inbound SMTP traffic through the firewall...this just sets up the port redirection for SMTP.  Reply back if you need help on the ACL part...
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 20413367
How would I do the ACL...thanks
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20413491
Go to Configuration - Security Policy, then click Add.

Answer the fields on this screen in the following way:

Under "Interface and Action"
Interface : outside
Direction : incoming
Action : permit

Under "Source"
Type : click the pick list arrow and select "any"

Under "Destination"
Type : click the pick list arrow and select "interface IP"
Interface : outside

Under "Protocol and Service"
Protocol : tcp

Under "Source Port"
Leave default values

Under "Destination Port"
Leave the "Service" radio button enabled and leave the "=" sign there
Choose the pick list where it says "any" and change it to "smtp"

That should do it!
0
 
LVL 6

Author Closing Comment

by:rustyrpage
ID: 31412901
Thanks for your help!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now