Announcement

Collapse
No announcement yet.

ASA 5505 - Multiple External IPs, One Internal Spam Filter

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ASA 5505 - Multiple External IPs, One Internal Spam Filter

    We have a block of external IP addresses and are hosting several Exchange servers for different clients on different IP addresses. Internally we have 1 Barracuda spam filter.

    Basically I would like to route smtp traffic for certain external IPs (x.x.x.66, x.x.x.68, x.x.x.70) to the Barracuda spam filter at 192.168.1.100. I got the access lists setup but the forwarding is where I am having issues.

    I had this (but does not get SMTP traffic to the spam filter for all IPs, only one):
    static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
    static (inside,outside) x.x.x.68 192.168.1.20 netmask 255.255.255.255
    static (inside,outside) x.x.x.70 192.168.1.10 netmask 255.255.255.255

    I was trying this but getting duplicate of existing static:
    static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
    static (inside,outside) tcp x.x.x.68 smtp 192.168.1.100 smtp netmask 255.255.255.255
    static (inside,outside) tcp x.x.x.70 smtp 192.168.1.100 smtp netmask 255.255.255.255

    Is there any way to send SMTP from certain external IP addresses to the same internal IP address? If not, is there any way to "trick" the ASA to send it to 192.168.1.101 and then have that IP just send to 192.168.1.100 (like below)?

    static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
    static (inside,outside) tcp x.x.x.68 smtp 192.168.1.101 smtp netmask 255.255.255.255
    static (inside,outside) tcp x.x.x.70 smtp 192.168.1.102 smtp netmask 255.255.255.255

    Then have 192.168.1.101 & 192.168.1.102 forward to 192.168.1.100

  • #2
    Re: ASA 5505 - Multiple External IPs, One Internal Spam Filter

    If i am correct, you cannot use nat/pat to multiple ip addresses to the same ip/port. A possible sollution wold be to provide the barracuda with multiple incomming ip adresses.
    gerth

    MCITP sa, ea & va, sysadmin@cydonia.

    Comment

    Working...
    X