Solved

Alternative NAT for host behind ASA 5510

Posted on 2013-06-21
5
788 Views
Last Modified: 2013-06-25
I have a client with an ASA 5510 and a pool of public IP numbers. His MX record points to an IP (155) that is not the static IP for the outside interface on the ASA (153). He has static nat configured for https and smtp on the IP (155) for Exchange. There is a dynamic nat for all outgoing traffic to use the interface IP. Some emails are being rejected since the reverse lookup does not match the MX record. Is it possible to configure nat so that outgoing traffic for the exchange server is a static IP (155) instead of the interface IP (153)?

Thanks.
0
Comment
Question by:fisher_king
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 500 total points
ID: 39266993
yes.  just configure a static nat

ASA OS 8.3+
object-group network exchange-server
  host **internal IP of server**
  nat (inside,outside) static **public IP of server** dns

ASA OS pre-8.3
static (inside,outside) **public IP** **internal IP** netmask 255.255.255.255 dns

remember to get rid of static pats that reference that server then

and run 'clear xlate' after you're done reconfiguring to ensure new translations take affect
0
 

Author Comment

by:fisher_king
ID: 39266999
I tried that, but the Exchange server did not have any internet access. I did not include the dns re-write and I did not clear xlate. I will try again and let you know.

Thanks.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39267008
ya, you need to do a clear xlate or the translations can still be wrong causing unexpected behavior.
0
 

Author Comment

by:fisher_king
ID: 39267015
I realized that I also couldn't map the entire inner and outer becasue there was another pat for that IP. We will move to another public IP in their pool and test. Thanks again.
0
 

Author Closing Comment

by:fisher_king
ID: 39276110
Thanks again for your help.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Telepresence on backup 3 58
Content Filtering by Search Term with a Smoothwall Firewall 1 198
Website Issue 10 89
Swapping port on a  Cisco 5510 firewall 1 47
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question