Can you redirect a ip address on an ASA 5500?

I have an issue, which I know what it is, do not know how to solve!!

On the inside interface and network, we have a server at, (as an example), which acts as an email server.

The outside ip address of the ASA is, say,

The ASA directs any imap requests from the outside interface to, which works fine from the outside. Users simply open up email, and collect emails etc.

Butt.. wwhen they come inside the office, their machine of course attempts to contact the ip address the ASA knows it is outside interface, so they are unable to collect emails.

Any ideas as to how solve this issue, so that any internal IMAP requests from machines on the inside to are directed to the machine inside on

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It sounds like you are using the IP address itself as the server/host in the email client's configuration instead of a hostname, if you were to configure a hostname and use DNS to have it resolve to the proper IP address depending on where they are located that would solve the problem.  Is that not doable for you?  The ASA isn't going to accept a connection from the inside to the outside and back to the inside interface like that.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
There are two methods to fix this.
You can do a split horizon DNS.  This is where there are two different DNS servers (they can be hosted on one box with a bit of clever port remapping but it is easier to use two boxes).
When you are outside and you go to the Web address URL you are using like this points on that DNS to
You then have another DNS server inside.  This will be assigned by the DHCP server.
it has records for things inside that are different like   (etc)
and then the rest it looks up outside.

If you are outside you go to the real external address.  if you are inside you go to the local address.

The other way of fixing this is to set up the router so it will work with this address being approached from the inside and still forward it to the 192 address.  It CAN be done so if you want to go down that path then I'll let one of the router experts advise you on the command to add to allow that.
MawallaceAuthor Commented:
Interesting idea! I will have a think about that

How would I deal with  this?
It sounds like edster is referring to policy based routing where you can manually set the next hop address based on traffic rules (using ACLs to match either source IPs, destination IPs, etc...) that you setup; however, if I recall, ASAs don't support policy based routing so you'd need a router in place.  

You're best bet, and honestly the proper solution, is to setup DNS, which is what I suggested as well.  
I agree with TheTull, proper DNS names are the best solution here
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.