Petri.co.il forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Networking > Cisco Security PIX/ASA/VPN
Petri.co.il is happy to award RicklesP the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read
Notices

ASA 5505 - Multiple External IPs, One Internal Spam Filter

ASA 5505 - Multiple External IPs, One Internal Spam Filter

this thread has 1 replies and has been viewed 2867 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 6th November 2010, 01:10
point2point point2point is offline
Casual
Casual
 
 Join Date: Nov 2010
  6 month star 12 month star
 Posts: 1
 Reputation: point2point is on a distinguished road (10)
Default ASA 5505 - Multiple External IPs, One Internal Spam Filter

We have a block of external IP addresses and are hosting several Exchange servers for different clients on different IP addresses. Internally we have 1 Barracuda spam filter.

Basically I would like to route smtp traffic for certain external IPs (x.x.x.66, x.x.x.68, x.x.x.70) to the Barracuda spam filter at 192.168.1.100. I got the access lists setup but the forwarding is where I am having issues.

I had this (but does not get SMTP traffic to the spam filter for all IPs, only one):
static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
static (inside,outside) x.x.x.68 192.168.1.20 netmask 255.255.255.255
static (inside,outside) x.x.x.70 192.168.1.10 netmask 255.255.255.255

I was trying this but getting duplicate of existing static:
static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.68 smtp 192.168.1.100 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.70 smtp 192.168.1.100 smtp netmask 255.255.255.255

Is there any way to send SMTP from certain external IP addresses to the same internal IP address? If not, is there any way to "trick" the ASA to send it to 192.168.1.101 and then have that IP just send to 192.168.1.100 (like below)?

static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.68 smtp 192.168.1.101 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.70 smtp 192.168.1.102 smtp netmask 255.255.255.255

Then have 192.168.1.101 & 192.168.1.102 forward to 192.168.1.100
  #2  
Old 8th November 2010, 22:40
gerth's Avatar
gerth gerth is offline
Junior Member
Staying around
 
 Join Date: Jul 2010
  6 month star 12 month star
 Location: The Netherlands
 Posts: 222
 Reputation: gerth will become famous soon enough (73)
Default Re: ASA 5505 - Multiple External IPs, One Internal Spam Filter

If i am correct, you cannot use nat/pat to multiple ip addresses to the same ip/port. A possible sollution wold be to provide the barracuda with multiple incomming ip adresses.
__________________
gerth

MCITP sa, ea & va, sysadmin@cydonia.
Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Multiple external IPs, need to move SSH server CypherBit General Networking 3 26th February 2010 16:37
Multiple NDRs being trapped by the Spam filter and has unknown IP/email Virtual Exchange 2007 / 2010 / 2013 3 26th August 2009 14:53
Asa 5505 maximtory Cisco Routers & Switches How-to 0 25th August 2009 00:00
Cisco ASA Translation (WAS: Re: ASA 5505 Port Forwarding, NAT error) rgpone Cisco Security PIX/ASA/VPN 3 17th March 2009 13:05
Pix 506e w/ 2 external IPs routing ports to internal IPs traigo Cisco Routers & Switches How-to 3 17th September 2008 15:21


All times are GMT +3. The time now is 18:11.

Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri