Solved

Setting up a NAT rule on ASA 5520

Posted on 2007-12-05
4
1,406 Views
Last Modified: 2010-04-21
I would think this is simple, but I cannot figure it out:

I want to set up a rule that forwards all SMTP traffic on IP address xxx.xxx.xxx.xxx (our firewall's IP) to our Exchange server at IP address yyy.yyy.yyy.yyy so that it can respond to handshake requests.  I know that this is a NAT rule, but I cannot figure out how to do it.  I would prefer do it in the ASDM interface as I am a visual person.

So basically I want all outside traffic that is calling port 25 on xxx to go to port 25 on yyyy.  I don't want any any ports on xxx touched as that is our main internet IP.

Please let me know
0
Comment
Question by:rustyrpage
  • 2
  • 2
4 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 20413356
In the ASDM, go to Configuration - NAT, then click the Add button. Choose Static NAT rule.

Answer the fields on this screen in the following way:

Under "Real Address"
Interface : inside
IP Address : yyy.yyy.yyy.yyy
Netmask : 255.255.255.255

Under "Static Translation"
Interface : outside
IP Address : click the pick list arrow and select "(interface IP)"

Check the "Enable Port Address Translation (PAT)" box

Protocol : tcp
Original port : choose "smtp" from the list
Translated port : choose "smtp" from the list

Click OK, then apply and you're done!

This doesn't cover the ACL that you will need to apply to allow the inbound SMTP traffic through the firewall...this just sets up the port redirection for SMTP.  Reply back if you need help on the ACL part...
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 20413367
How would I do the ACL...thanks
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20413491
Go to Configuration - Security Policy, then click Add.

Answer the fields on this screen in the following way:

Under "Interface and Action"
Interface : outside
Direction : incoming
Action : permit

Under "Source"
Type : click the pick list arrow and select "any"

Under "Destination"
Type : click the pick list arrow and select "interface IP"
Interface : outside

Under "Protocol and Service"
Protocol : tcp

Under "Source Port"
Leave default values

Under "Destination Port"
Leave the "Service" radio button enabled and leave the "=" sign there
Choose the pick list where it says "any" and change it to "smtp"

That should do it!
0
 
LVL 6

Author Closing Comment

by:rustyrpage
ID: 31412901
Thanks for your help!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Firewall Appliance 3 74
RDP Sonicwall 8 88
Fortigate 100D NTP Issue 4 110
Windows 2012 R2 Anywhere Access and PCI compliance 5 32
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question