Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 817
  • Last Modified:

Alternative NAT for host behind ASA 5510

I have a client with an ASA 5510 and a pool of public IP numbers. His MX record points to an IP (155) that is not the static IP for the outside interface on the ASA (153). He has static nat configured for https and smtp on the IP (155) for Exchange. There is a dynamic nat for all outgoing traffic to use the interface IP. Some emails are being rejected since the reverse lookup does not match the MX record. Is it possible to configure nat so that outgoing traffic for the exchange server is a static IP (155) instead of the interface IP (153)?

Thanks.
0
fisher_king
Asked:
fisher_king
  • 3
  • 2
1 Solution
 
Cyclops3590Commented:
yes.  just configure a static nat

ASA OS 8.3+
object-group network exchange-server
  host **internal IP of server**
  nat (inside,outside) static **public IP of server** dns

ASA OS pre-8.3
static (inside,outside) **public IP** **internal IP** netmask 255.255.255.255 dns

remember to get rid of static pats that reference that server then

and run 'clear xlate' after you're done reconfiguring to ensure new translations take affect
0
 
fisher_kingAuthor Commented:
I tried that, but the Exchange server did not have any internet access. I did not include the dns re-write and I did not clear xlate. I will try again and let you know.

Thanks.
0
 
Cyclops3590Commented:
ya, you need to do a clear xlate or the translations can still be wrong causing unexpected behavior.
0
 
fisher_kingAuthor Commented:
I realized that I also couldn't map the entire inner and outer becasue there was another pat for that IP. We will move to another public IP in their pool and test. Thanks again.
0
 
fisher_kingAuthor Commented:
Thanks again for your help.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now