ASA is blocking e-mail between internal networks
Posted on 2013-10-16
First, thanks for the help, which is really appreciated.
I currently have a device within a network that I would like to send e-mails through one of our e-mail servers on the DMZ; however, I can't make it happen. The diagram is the following:
Net A >>>>>> GATEWAY>>>>>>>FIREWALL>>>>>>>DMZ
Net A can successfully reach the firewall IP on the link between the gateway and the firewall itself. However when I try to send the e-mail or ping the e-mail server it fails.
The interface on which the packet from Net A is coming in (NET) has a security level of 60, whereas the interface for the DMZ (DMZ) has a security level of 10. I thought the communication should just happen, but I am afraid that the NAT rule for the e-mail server is interfering.
The e-mail server is being translated to Net A with a public address, which I think is my issue, but I am not sure. I can't change this rule as I have other networks using the translation.
static (DMZ,NET) PUBLIC-IP 10.8.1.5 netmask 255.255.255.255
I can't change this rule and I want to keep Net A as a private network that will just have access to the e-mail server.
I applied a packet tracer sourcing from the NET interface with the Net A addressing and it works if I use the public IP on the command, but not if I use the private one. It shows the message of Action: DROP, and it seems to be due to the translation.
Is there any way I can give this network access to the private address of the e-mail server, so the network can send e-mail without any internet access to the network?