Monday, October 8, 2018

Issues with NAT post 8.3

Hi guys,

Wondering if you could help. Basically, we tried to migrate off some old ASA5510s at the weekend and had some issues with Exchange sending emails out. We had to roll back (for unrelated reasons) and this all started working again. Looking at the current firewalls, it is set up like so.

Config:
access-group INSIDE-FIREWALL-DMZ_access_in in interface INSIDE-FIREWALL-DMZ
access-list INSIDE-FIREWALL-DMZ_access_in extended permit tcp host 172.16.110.252 host 10.71.11.11 eq smtp

Config:
static (INSIDE-FIREWALL-DMZ,OUTSIDE) 100.100.100.100 172.16.110.252 netmask 255.255.255.255
match ip INSIDE-FIREWALL-DMZ host 172.16.110.252 OUTSIDE any
    static translation to 100.100.100.100
    translate_hits = 0, untranslate_hits = 5611

Config:
static (INSIDE-EDGE-DMZ,OUTSIDE) 200.200.200.200 10.71.11.11 netmask 255.255.255.255
match ip INSIDE-EDGE-DMZ host 10.71.11.11 OUTSIDE any
    static translation to 200.200.200.200
    translate_hits = 272725, untranslate_hits = 1994535

I thought we had this matched up pretty correctly on the new 5516-X firewalls, but clearly not. I think the issue is with NAT.

New NAT Config:

nat (INSIDE-EDGE-DMZ,outside) source static 10.71.11.11 200.200.200.200

nat (INSIDE-FIREWALL-DMZ,outside) source static 172.16.110.252 100.100.100.100

Any assistance would be gratefully received.

Thanks


