asa 5505 static pat problem

Discussion in 'Cisco' started by tilopa88, Apr 25, 2007.

  1. tilopa88

    tilopa88 Guest

    we have a cisco asa 5505 with 3 interfaces: outside, inside, dmz. I am
    trying to set it up to forward mail traffic (port 25) to the DMZ but
    pop3 and imap to go directly to our exchange server.

    The outside IP for mail (including pop3 and imap) is 10.10.10.2 for
    example.
    the mail server in the dmz is 192.168.2.11
    and the exchange server in the inside is 192.168.1.12

    I have the following entries:

    access-list outside_in extended permit tcp any host 10.10.10.2 eq 25
    access-list outside_in extended permit tcp any host 10.10.10.2 eq 110
    access-list outside_in extended permit tcp any host 10.10.10.2 eq 143

    Then for static:

    static (inside,outside) tcp 10.10.10.2 pop3 192.168.1.12 pop3 netmask
    255.255.255.255
    static (inside,outside) tcp 10.10.10.2 imap4 192.168.1.12 imap4
    netmask 255.255.255.255
    static (dmz,outside) tcp 10.10.10.2 smtp 192.168.2.11 smtp netmask
    255.255.255.255

    when I enter this last static command I get the following warning:

    WARNING: mapped-address conflict with existing static
    TCP inside:192.168.1.12/110 to outside: 10.10.10.2/110 netmask
    255.255.255.0
    WARNING: mapped-address conflict with existing static
    TCP inside:192.168.1.12/143 to outside: 10.10.10.2/143 netmask
    255.255.255.0

    I do not know why it is giving me this warning as it is a different
    port translation.
    Mail still flows ok as far as I can tell but I am worried this will
    have hidden consequenses.
    Can anyone shed some light on this warning?
    Thanks.
     
    tilopa88, Apr 25, 2007
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.