Problem:
A new incoming-only SMTP gateway was installed by simply changing the static
mapping to go to the SMTP gateway, and everything works fine except the mail
server is now using the Global outside address, so it's failing reverse
lookup for outgoing mail (some spam filters are complaining). Configuration
is complicated by the webserver on the DMZ, which needs to SMTP to the mail
server on the inside, too. Do I assign an extra static such as 111.122.116.6
for outbound and change mail.abc.com at the ISP's DNS? When I added this
address it broke the outgoing mail, I guess because of a conflict with the
static mapping for the webserver.
Thanks for your help.
111.122.116.4 mail.abc.com, MX (inside smtp gateway is 10.1.1.25)
111.122.116.5 www.abc.com (dmz webserver 192.168.25.11 10.1.1.103
server via 192.168.54.253)
10.1.1.103 exchange server (currently appears as global outside IP which
fails reverse lookup. I have 111.122.116.6 address available I could assign)
config
access-list inside_in permit tcp host 10.1.1.103 any eq smtp
access-list outside_in permit tcp any host 111.122.116.5 eq smtp
access-list dmz_access_in permit udp any any eq domain
access-list dmz_access_in permit tcp host 192.168.54.11 host 192.168.54.253 eq smtp
ip address outside 111.122.116.2 255.255.255.224
ip address inside 10.1.1.10 255.255.0.0
ip address dmz 192.168.54.1 255.255.255.0
global (outside) 1 111.122.116.30
global (dmz) 1 192.168.54.250
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 0 access-list dmz_nonat
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 111.122.116.5 10.1.1.25 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.54.253 10.1.1.103 netmask 255.255.255.255 0 0
static (dmz,outside) 111.122.116.4 192.168.54.11 netmask 255.255.255.255 0 0
access-group outside_in in interface outside
access-group inside_in in interface inside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 111.122.116.3
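
The symptom described in the post can be traced from the translation lines alone. The following is an added example, not part of the original post: a small Python resolver (the function name translated_source is hypothetical) that reads the static/nat/global lines copied from the config above and reports which address a host presents on another interface. It assumes a static for the exact interface pair wins over nat/global, and it ignores nat 0 exemptions, access-lists and global address ranges.

```python
import ipaddress
import re

# Translation lines copied from the configuration in the post above.
PIX_CONFIG = """\
global (outside) 1 111.122.116.30
global (dmz) 1 192.168.54.250
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 0 access-list dmz_nonat
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 111.122.116.5 10.1.1.25 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.54.253 10.1.1.103 netmask 255.255.255.255 0 0
static (dmz,outside) 111.122.116.4 192.168.54.11 netmask 255.255.255.255 0 0
"""

STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
NAT_RE = re.compile(r"nat \((\w+)\) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
GLOBAL_RE = re.compile(r"global \((\w+)\) (\d+) (\d+\.\d+\.\d+\.\d+)")


def translated_source(config, real_if, mapped_if, host):
    """Return (rule, address) that `host` on real_if appears as on mapped_if."""
    ip = ipaddress.ip_address(host)
    statics, nat_rules, pools = [], [], {}
    for line in config.splitlines():
        if m := STATIC_RE.match(line):
            real_net = ipaddress.ip_network(f"{m[4]}/{m[5]}")
            statics.append((m[1], m[2], ipaddress.ip_address(m[3]), real_net))
        elif m := NAT_RE.match(line):
            nat_rules.append((m[1], int(m[2]), ipaddress.ip_network(f"{m[3]}/{m[4]}")))
        elif m := GLOBAL_RE.match(line):
            pools[(m[1], int(m[2]))] = m[3]
    # A static for this exact interface pair takes precedence over nat/global.
    for s_real, s_mapped, mapped_ip, real_net in statics:
        if (s_real, s_mapped) == (real_if, mapped_if) and ip in real_net:
            offset = int(ip) - int(real_net.network_address)
            return "static", str(mapped_ip + offset)
    # Otherwise a nat id > 0 pairs with the global of the same id on the exit interface.
    for n_if, nat_id, net in nat_rules:
        if n_if == real_if and nat_id > 0 and ip in net and (mapped_if, nat_id) in pools:
            return "global", pools[(mapped_if, nat_id)]
    return "none", None
```

Calling translated_source(PIX_CONFIG, "inside", "outside", "10.1.1.103") shows the Exchange server leaving via the shared global address 111.122.116.30, because its only static is for the (inside,dmz) pair.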