NAT Question

[mja101275]

We recently installed a Spam Firewall and used NAT to redirect all outside traffic addressed to our email server (2xx.xx.xx.19) to the new firewall (2xx.xx.xx.18). That's working fine. However, since we did that, our outgoing mail is assigned the IP address of the PIX, instead of 2xx.xx.xx.19 as in the past. We are finding some ISPs that block our mail because we have no reverse DNS entry for our PIX. For obvious security reasons, we don't want to add a DNS entries for the PIX. Is there any way to add a static entry to NAT the internal (higher security) address of our mail server to the external (lower security) address 2xx.xx.xx.19, without overlapping the Spam Firewall NAT described above? (PIX version 6.1)

Thanks!

 

[dopehead]

Let me see if i understand this, you have a spam firewall on the same outside segment as the pix ? And then you forward the mail traffic to the pix ?

Maybe you could post your static/nat config

Jan

Network Systems Engineer
CCNA/CQS/CCSP