If the two public IP addresses are on the same interface then it should be
as simple as creating a static NAT specific to the SMTP ports, and then
letting everything else hit the default NAT. If the public IPs were on
different interfaces of the ASA then you are in a situation where PBR-type
behavior would be needed. You used to be able to do this in some versions
of 8.x code. The order of operations was such that the NAT would get
processed before the route lookup so you could use this to do a PBR of
sorts.
This was changed in version 9 or 9.1 and not well documented. I got burned
pretty badly when this functionality would no longer work after an upgrade.
On Thu, Feb 20, 2014 at 11:52 AM, Charlie CA <spycharlies_at_gmail.com> wrote:
> Hi Experts, was wondering if this is even possible on a Cisco ASA or
> possibly someone could give me a hint.
>
>
> I have a scenario here whereby I would want all my SMTP traffic (SMTP
> Server IP 192.168.10.1) to go through a second public IP (assume 1.1.1.2),
> while all internet traffic continues to go through the primary IP
> (1.1.1.1).
>
>
> A quick solution would have been to permit only the SMTP server to
> send SMTP, but this is not possible as we have a couple of mobile devices
> doing push email; so permitting only the SMTP server would be a nightmare.
>
> I know ASA can't do policy routing, is this possible?
>
>
> Thanks
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Marc Abel
CCIE #35470 (Routing and Switching)

Received on Thu Feb 20 2014 - 12:42:45 ART
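One way to write the same-interface case from the reply above, as an added example that is not part of the original thread or anyone's posted configuration. It assumes ASA 8.3+ NAT syntax, interfaces named `inside` and `outside`, a 192.168.10.0/24 inside subnet, 1.1.1.1 as the outside interface address, and hypothetical object names; it reads "NAT specific to the SMTP ports" as a twice-NAT rule keyed on destination port 25, which is one interpretation.

```cisco
! Added example. Assumed: ASA 8.3+ NAT syntax, interfaces named inside/outside,
! inside subnet 192.168.10.0/24, 1.1.1.1 as the outside interface address,
! and every object name below (all hypothetical).

object network SMTP-SERVER
 host 192.168.10.1
object network SMTP-PUBLIC
 host 1.1.1.2
object network ANY-DEST
 subnet 0.0.0.0 0.0.0.0
object service SMTP-OUT
 service tcp destination eq smtp

! Twice NAT (section 1, evaluated first): connections from the mail server
! to any destination on TCP/25 are PATed to 1.1.1.2.
nat (inside,outside) source dynamic SMTP-SERVER SMTP-PUBLIC destination static ANY-DEST ANY-DEST service SMTP-OUT SMTP-OUT

! Object NAT (section 2): everything else from the inside subnet falls
! through to the default PAT on the outside interface address (1.1.1.1).
object network INSIDE-NET
 subnet 192.168.10.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Confirm which rule each flow matches before relying on it.
! 203.0.113.10 is a constructed test destination.
packet-tracer input inside tcp 192.168.10.1 1025 203.0.113.10 25
packet-tracer input inside tcp 192.168.10.1 1025 203.0.113.10 80
show nat detail
show xlate
```

This covers only connections the server initiates; mail delivered inbound to 1.1.1.2 needs its own static rule. Re-running the `packet-tracer` checks after any software upgrade shows whether NAT matching still behaves the same way.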