Replacing PIX with Cisco ASA 5505 issues

Posted on 2011-03-23
Last Modified: 2012-08-13
We replaced an extremely old PIX with an ASA 5505. We duplicated the old config on the new ASA (when possible) but still having a couple issues. The biggest one is that the old PIX had a rule that assigned an additional wan ip address to the outside interface.

global (outside) 1 74.x.x.12

I don't think the ASA is using that line (if at all) the way the pix did because we are having issues with some outbound email bouncing back due to our SPF record. The SPF record is set to 74.x.x.12 but when I telnet into other mail servers, they are seeing me come from 74.x.x.10 which is the IP assigned to the outside interface 0/0 of the ASA.

Any ideas how to resolve this besides changing the SPF record?
Question by:amkbailey
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
LVL 13

Expert Comment

ID: 35200316
Need to create a static NAT rule for your email server and 74.x.x.12

Author Comment

ID: 35200360
Here was the existing NAT rule.

access-list acl_inbound permit tcp any host 74.x.x.11 eq smtp

I added
access-list acl_inbound permit tcp any host 74.x.x.12 eq smtp

but when I telent into other mail servers, it is seeing my ip in the greeting as 74.x.x.10
LVL 13

Accepted Solution

kdearing earned 250 total points
ID: 35200483
Those are access rules, not NAT commands.

What CLI version are you running, 8.2 or 8.3?
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.


Author Comment

ID: 35200576
8.2 (1)

nat (inside,outside) tcp 74.x.x.11 smtp 10.x.x.113 smtp netmask
LVL 79

Assisted Solution

lrmoore earned 250 total points
ID: 35201176
>nat (inside,outside) tcp 74.x.x.11 smtp 10.x.x.113 smtp netmask

This should say
 static (inside,outside) 74.x.x.11  10.x.x.113 netmask

Author Comment

ID: 35201450
sorry. it does. left that part off. I guess I need to post both config files to see the difference.
LVL 79

Expert Comment

ID: 35202498
It should be a 1-1 static nat, or a policy nat and not just the smtp port static.

Author Closing Comment

ID: 35244411
We ended up just going to 1 static IP so we have it working ok now.

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month6 days, 13 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question