
unable to send internal email due to static nat

Discussion in 'Networking' started by joec22, Apr 10, 2010.

Thread Status:
Not open for further replies.
  1. joec22

    joec22 Thread Starter

    We have two Exchange servers located in different cities connected by site-to-site VPN via Cisco router and PIX. Once I added the static NAT translation for the second email server, we lost the ability to send from one direction. If I remove the static NAT translation, it works.

    Here are the static NAT and ACL:
    Code:
    ip nat inside source route-map ISP interface Ethernet0 overload
    ip nat inside source static tcp 192.168.30.70 25 **.**.**.** 25 extendable
    
    ip access-list extended nonat
    deny   ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
    deny   ip 192.168.30.0 0.0.0.255 192.168.41.0 0.0.0.255
    deny   ip 192.168.30.0 0.0.0.255 192.168.22.0 0.0.0.255
    permit ip 192.168.30.0 0.0.0.255 any
    permit ip 192.168.220.0 0.0.0.255 any
    !
    access-list 110 permit ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
    access-list 110 permit ip 192.168.30.0 0.0.0.255 192.168.41.0 0.0.0.255
    access-list 110 permit ip 192.168.30.0 0.0.0.255 192.168.22.0 0.0.0.255
    access-list 120 deny   ip 192.168.220.0 0.0.0.255 192.168.30.0 0.0.0.255
    access-list 120 permit udp host 0.0.0.0 host 255.255.255.255
    access-list 120 permit ip 192.168.220.0 0.0.0.255 any
    
    route-map ISP permit 10
     match ip address nonat
     match interface Ethernet0
    
    
    110 is applied to the crypto map, and the crypto map is applied to the outside interface eth0. The email server on the other side is 192.168.20.65. Both servers can ping each other, but I'm thinking that since the email goes through port 25, the 20.65 is not able to get a return from 30.70 because the router translates it to the public IP address, which doesn't make it back through the VPN. However, if I send from 30.70 to 20.65 it works fine. Does that make sense? Does anyone have any suggestions for what I'm doing wrong?

    Thanks
    Joe
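
The asymmetry described in the post can be traced with a small model of the router's egress path. This is an added example, not part of the original post: it uses the posted static entry, `nonat` ACL and ACL 110, and checks which flows still match the crypto ACL after NAT. It assumes that IOS applies inside-to-outside NAT before the crypto map check and that a static entry matches without consulting route-map `ISP`; `PUBLIC_IP` is a placeholder for the masked address, and `egress` is a hypothetical helper name.

```python
from ipaddress import ip_address, ip_network

PUBLIC_IP = "203.0.113.10"  # placeholder (TEST-NET-3); the post masks the real address

# ip nat inside source static tcp 192.168.30.70 25 <public> 25 extendable
STATIC_NAT = [("tcp", "192.168.30.70", 25, PUBLIC_IP, 25)]

# ACL "nonat" (used by route-map ISP): deny = leave untranslated, permit = PAT
NONAT = [
    ("deny", "192.168.30.0/24", "192.168.20.0/24"),
    ("deny", "192.168.30.0/24", "192.168.41.0/24"),
    ("deny", "192.168.30.0/24", "192.168.22.0/24"),
    ("permit", "192.168.30.0/24", "0.0.0.0/0"),
    ("permit", "192.168.220.0/24", "0.0.0.0/0"),
]

# ACL 110 (crypto map): traffic that is sent into the site-to-site tunnel
CRYPTO_110 = [
    ("192.168.30.0/24", "192.168.20.0/24"),
    ("192.168.30.0/24", "192.168.41.0/24"),
    ("192.168.30.0/24", "192.168.22.0/24"),
]

def _in(ip, net):
    return ip_address(ip) in ip_network(net)

def egress(proto, src, sport, dst, dport, static=STATIC_NAT):
    """Return (source address after NAT, 'tunnel' or 'untunnelled')."""
    nat_src = src
    for p, local_ip, local_port, global_ip, _global_port in static:
        if (proto, src, sport) == (p, local_ip, local_port):
            nat_src = global_ip  # static entry wins; route-map ISP is not evaluated
            break
    else:
        for action, s, d in NONAT:  # first matching ACL line decides
            if _in(src, s) and _in(dst, d):
                if action == "permit":
                    nat_src = PUBLIC_IP  # overload on Ethernet0 (port rewrite not modelled)
                break
    # The crypto ACL is evaluated against the already-translated source address
    tunnelled = any(_in(nat_src, s) and _in(dst, d) for s, d in CRYPTO_110)
    return nat_src, ("tunnel" if tunnelled else "untunnelled")

if __name__ == "__main__":
    # Constructed flows: 30.70 opening SMTP to 20.65, then 30.70 replying from port 25
    print(egress("tcp", "192.168.30.70", 40000, "192.168.20.65", 25))
    print(egress("tcp", "192.168.30.70", 25, "192.168.20.65", 40000))
    print(egress("tcp", "192.168.30.70", 25, "192.168.20.65", 40000, static=[]))
```

Only the flow whose source port is 25 hits the static entry, so replies to connections opened by 192.168.20.65 leave with the public source address and no longer match ACL 110, while connections opened by 192.168.30.70 use an ephemeral source port and stay in the tunnel.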
     

Short URL to this thread: https://techguy.org/916105
