Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Replacing PIX with Cisco ASA 5505 issues

Posted on 2011-03-23
8
Medium Priority
?
461 Views
Last Modified: 2012-08-13
We replaced an extremely old PIX with an ASA 5505. We duplicated the old config on the new ASA (when possible) but still having a couple issues. The biggest one is that the old PIX had a rule that assigned an additional wan ip address to the outside interface.

global (outside) 1 74.x.x.12

I don't think the ASA is using that line (if at all) the way the pix did because we are having issues with some outbound email bouncing back due to our SPF record. The SPF record is set to 74.x.x.12 but when I telnet into other mail servers, they are seeing me come from 74.x.x.10 which is the IP assigned to the outside interface 0/0 of the ASA.

Any ideas how to resolve this besides changing the SPF record?
0
Comment
Question by:amkbailey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 13

Expert Comment

by:kdearing
ID: 35200316
Need to create a static NAT rule for your email server and 74.x.x.12
0
 

Author Comment

by:amkbailey
ID: 35200360
Here was the existing NAT rule.

access-list acl_inbound permit tcp any host 74.x.x.11 eq smtp

I added
access-list acl_inbound permit tcp any host 74.x.x.12 eq smtp

but when I telent into other mail servers, it is seeing my ip in the greeting as 74.x.x.10
0
 
LVL 13

Accepted Solution

by:
kdearing earned 1000 total points
ID: 35200483
Those are access rules, not NAT commands.

What CLI version are you running, 8.2 or 8.3?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:amkbailey
ID: 35200576
8.2 (1)

nat (inside,outside) tcp 74.x.x.11 smtp 10.x.x.113 smtp netmask
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1000 total points
ID: 35201176
>nat (inside,outside) tcp 74.x.x.11 smtp 10.x.x.113 smtp netmask

This should say
 static (inside,outside) 74.x.x.11  10.x.x.113 netmask 255.255.255.255
 ^^^
0
 

Author Comment

by:amkbailey
ID: 35201450
sorry. it does. left that part off. I guess I need to post both config files to see the difference.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 35202498
It should be a 1-1 static nat, or a policy nat and not just the smtp port static.
0
 

Author Closing Comment

by:amkbailey
ID: 35244411
We ended up just going to 1 static IP so we have it working ok now.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question