Re: Cisco ASA: Nating SMTP traffic to a second public IP

From: Henrique Reis <reis.henrique_at_gmail.com>
Date: Thu, 20 Feb 2014 15:54:45 -0300

Here is an example:

                         out2 --- 172.16.1.0/24 --- .3 ISP2 (used for SMTP only)
                        /
192.0.2.0/24 - dmz - ASA
                        \
                         out1 --- 10.48.66.0/23 --- .1 ISP1 (primary)

route out1 0.0.0.0 0.0.0.0 10.48.66.1 1
route out2 0.0.0.0 0.0.0.0 172.16.1.3 2
!
static (dmz,out2) 172.16.1.11 192.0.2.1 netmask 255.255.255.255
static (out2,dmz) tcp 0.0.0.0 telnet 0.0.0.0 telnet netmask 0.0.0.0
!
nat (dmz) 1 0.0.0.0 0.0.0.0
global (out1) 1 interface
!
access-list SRV extended permit tcp any host 172.16.1.11 eq telnet
access-group SRV in interface out2
!
sysopt noproxyarp dmz

Best regards,
Henrique Reis

On Thu, Feb 20, 2014 at 2:57 PM, Shaughn <maniac.smg_at_gmail.com> wrote:

> On the ASA it is possible.
>
> Create an ACL matching SMTP from that host out.
>
> Create another Nat entry matching that ACL and set it to use another
> outgoing Nat IP (2) for example
>
> I can send configs later on how to do it
>
>
> CCIE # 23962 (SP)
>
> Sent from my iPhone
>
> > On 20 Feb 2014, at 7:52 PM, Charlie CA <spycharlies_at_gmail.com> wrote:
> >
> > Hi Experts, was wondering if this is even possible on a Cisco ASA or
> > possibly someone could give me a hint.
> >
> >
> > I have a scenario here whereby, I would want all my SMTP traffic (SMTP
> > Server IP 192.168.10.1) to go through a second public IP (assume 1.1.1.2),
> > while all internet traffic continues to go through the primary IP (1.1.1.1).
> >
> >
> > A quick solution would have been to only permit the SMTP server from
> > sending smtp but this is not possible as we have a couple of mobile devices
> > doing push email; so just permit only the smtp server would be a nightmare.
> >
> > I know ASA can't do policy routing, is this possible?
> >
> >
> > Thanks
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

Received on Thu Feb 20 2014 - 15:54:45 ART
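
The policy NAT described in Shaughn's reply, written out as an added example in the pre-8.3 ASA syntax used in the config above; it is not from any poster in the thread. The interface names inside/outside, the ACL name SMTP-OUT and the test destination 203.0.113.25 are assumptions; the addresses are the ones given in the original question.

```cisco
! Assumed interface names: inside (192.168.10.0 side), outside (1.1.1.x side).
!
! Match only SMTP sourced from the mail server (address from the question).
access-list SMTP-OUT extended permit tcp host 192.168.10.1 any eq smtp
!
! Policy dynamic NAT: traffic matching SMTP-OUT uses NAT id 2,
! which is tied to the second public IP.
nat (inside) 2 access-list SMTP-OUT
global (outside) 2 1.1.1.2
!
! Regular dynamic PAT for everything else, on the primary (interface) IP.
! Policy NAT is evaluated before regular dynamic NAT, so the two do not
! conflict, and other hosts' port-25 traffic still leaves as 1.1.1.1.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! Checks from the CLI (203.0.113.25 is a constructed test destination):
!   packet-tracer input inside tcp 192.168.10.1 1025 203.0.113.25 25
!     -> the NAT phase should show a translation to 1.1.1.2
!   packet-tracer input inside tcp 192.168.10.1 1025 203.0.113.25 80
!     -> the NAT phase should show a translation to the interface address
!   show xlate
!     -> after real mail traffic, lists the PAT entry for 192.168.10.1
```

Because the ACL names a single source host and a single destination port, a change to the mail server's address or a second relay has to be added to SMTP-OUT, otherwise that mail falls through to NAT id 1 and leaves from the primary IP.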

This archive was generated by hypermail 2.2.0 : Sat Mar 01 2014 - 08:41:48 ART