Replacing PIX with Cisco ASA 5505 issues

Posted on 2011-03-23
Last Modified: 2012-08-13
We replaced an extremely old PIX with an ASA 5505. We duplicated the old config on the new ASA (when possible) but still having a couple issues. The biggest one is that the old PIX had a rule that assigned an additional wan ip address to the outside interface.

global (outside) 1 74.x.x.12

I don't think the ASA is using that line (if at all) the way the pix did because we are having issues with some outbound email bouncing back due to our SPF record. The SPF record is set to 74.x.x.12 but when I telnet into other mail servers, they are seeing me come from 74.x.x.10 which is the IP assigned to the outside interface 0/0 of the ASA.

Any ideas how to resolve this besides changing the SPF record?
Question by:amkbailey
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
LVL 13

Expert Comment

ID: 35200316
Need to create a static NAT rule for your email server and 74.x.x.12

Author Comment

ID: 35200360
Here was the existing NAT rule.

access-list acl_inbound permit tcp any host 74.x.x.11 eq smtp

I added
access-list acl_inbound permit tcp any host 74.x.x.12 eq smtp

but when I telent into other mail servers, it is seeing my ip in the greeting as 74.x.x.10
LVL 13

Accepted Solution

kdearing earned 250 total points
ID: 35200483
Those are access rules, not NAT commands.

What CLI version are you running, 8.2 or 8.3?
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.


Author Comment

ID: 35200576
8.2 (1)

nat (inside,outside) tcp 74.x.x.11 smtp 10.x.x.113 smtp netmask
LVL 79

Assisted Solution

lrmoore earned 250 total points
ID: 35201176
>nat (inside,outside) tcp 74.x.x.11 smtp 10.x.x.113 smtp netmask

This should say
 static (inside,outside) 74.x.x.11  10.x.x.113 netmask

Author Comment

ID: 35201450
sorry. it does. left that part off. I guess I need to post both config files to see the difference.
LVL 79

Expert Comment

ID: 35202498
It should be a 1-1 static nat, or a policy nat and not just the smtp port static.

Author Closing Comment

ID: 35244411
We ended up just going to 1 static IP so we have it working ok now.

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ip igmp join-group 8 73
can't ssh to external IP 9 64
pptp through Cisco ASA5505 V7 5 34
Urgent !I am connecting a cisco catalyst 3560 switch amber light on port 15 50
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question