Solved

Setting up a NAT rule on ASA 5520

Posted on 2007-12-05
4
1,402 Views
Last Modified: 2010-04-21
I would think this is simple, but I cannot figure it out:

I want to set up a rule that forwards all SMTP traffic on IP address xxx.xxx.xxx.xxx (our firewall's IP) to our Exchange server at IP address yyy.yyy.yyy.yyy so that it can respond to handshake requests.  I know that this is a NAT rule, but I cannot figure out how to do it.  I would prefer do it in the ASDM interface as I am a visual person.

So basically I want all outside traffic that is calling port 25 on xxx to go to port 25 on yyyy.  I don't want any any ports on xxx touched as that is our main internet IP.

Please let me know
0
Comment
Question by:rustyrpage
  • 2
  • 2
4 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 20413356
In the ASDM, go to Configuration - NAT, then click the Add button. Choose Static NAT rule.

Answer the fields on this screen in the following way:

Under "Real Address"
Interface : inside
IP Address : yyy.yyy.yyy.yyy
Netmask : 255.255.255.255

Under "Static Translation"
Interface : outside
IP Address : click the pick list arrow and select "(interface IP)"

Check the "Enable Port Address Translation (PAT)" box

Protocol : tcp
Original port : choose "smtp" from the list
Translated port : choose "smtp" from the list

Click OK, then apply and you're done!

This doesn't cover the ACL that you will need to apply to allow the inbound SMTP traffic through the firewall...this just sets up the port redirection for SMTP.  Reply back if you need help on the ACL part...
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 20413367
How would I do the ACL...thanks
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20413491
Go to Configuration - Security Policy, then click Add.

Answer the fields on this screen in the following way:

Under "Interface and Action"
Interface : outside
Direction : incoming
Action : permit

Under "Source"
Type : click the pick list arrow and select "any"

Under "Destination"
Type : click the pick list arrow and select "interface IP"
Interface : outside

Under "Protocol and Service"
Protocol : tcp

Under "Source Port"
Leave default values

Under "Destination Port"
Leave the "Service" radio button enabled and leave the "=" sign there
Choose the pick list where it says "any" and change it to "smtp"

That should do it!
0
 
LVL 6

Author Closing Comment

by:rustyrpage
ID: 31412901
Thanks for your help!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now