NAT address to fixed IP

Hello,
My company has just started using an application called AS2 to send data
securely to ASDA/Wal-Mart. This application relies on communication from
Wal-Mart's 6 IP addresses using any port greater than 1023. I have set up
filters to allow any traffic from these 6 IP addresses to come in. However,
the server application, which runs on a PC (which has a fixed IP address),
doesn't seem to get the packets.
What I think the problem is, is that the traffic is hitting my public
interface but doesn't know where to go thereafter. What I think I need
is a route to say: when you hit my public interface, route through to the
fixed IP on my PC.
I am struggling a bit with this; any help would be great.
Thanks

Firstly, thank you for your response.
I believe that 'they' initiate contact with us.
If I created a second IP add on my BM server, NAT'd the address to the IP
address of my PC, then created a filter to let all traffic through, it
should allow me to at least test that I am getting a connection!?!?
> [email protected] wrote:
>
> > What I think the problem is, is the traffic is hitting my public
> > interface but doesn't know where to go thereafter. What I think I need
> > is a route to say when you hit my public interface route through to the
> > fixed IP on my PC.
> >
> > I am struggling a bit with this any help would be great.
>
> If the PC running the app is on the private side of BM, then you need to
>
> 1) add a secondary public IP address to the BM server
> 2) statically-NAT this new public IP to the private IP of the PC running
> the app
>
> 3) create filter exceptions that allow the necessary traffic, calling
> out the *private* IP address of the PC. You're a little ambiguous as to
> what ports are being used. The "any port above 1023" sounds like the
> standard ephemeral ports for *response* traffic. Surely there is a
> specific destination port involved? Question: does the PC initiate
> contact with the remote servers, or do *they* initiate contact with
> your PC?
>
>
> --
> Jim
> NSC Sysop

Similar Messages

  • SA520 NAT/PAT not working with NAT address

    The SA520 I have is configured on one public IP address and an exchange server is behind it.  The exchange server is configured with an internal address and the SA520 is performing NAT translation to a unique public address for the email server itself which is independent of the SA520.  It seems that the SA520 is sending email out the NAT address correctly at some time and at other times it seems to be sending the email traffic over the PAT address of the SA520 public address.  When this happens the email gets blocked due to spam lists.  Then the email will work again correctly.. and then go back.  If I use a 3rd party website to test the IP address sometime I get the correct one and sometimes I get the wrong address.
    Is there a way I can confirm that the SA520 NAT settings are correct to allow ALL outbound communications from the exchange server (which is behind the SA520)?  I may have the SA520 configuration wrong and it is possible that the SA520 is only providing inbound PAT for port 25.  How do I tell the SA520 to do a 1 to 1 NAT with the exchange server?

    Hi John,
    In order to establish a 1 to 1 NAT on the SA 500 series, as in your case, you must first add an IP Alias for your 2nd WAN.  Next, you create a Firewall rule to "force" all or selected traffic from your NATed server (LAN) to the WAN to go out thru the IP ALIAS address.  Finally, we forward specific traffic from the WAN to your NATed Server (LAN) thru Firewall Rule(s).  See sample wan2lan bitmaps attached. Do this for each of the services that you will allow to come in thru the SA 520 to your Server.  As long as there are no other Firewall rules overlapping with the newly created rules, traffic to and from your NATed server will come/exit thru your ALIAS IP.
    We can verify this by performing a WAN Packet Trace (Administration-->Diagnostics -->Packet Trace)  After choosing Dedicated WAN as the Network to be captured, Click on Start to perform Packet Capture.  Go to your NATed server, and perform the following, on a command prompt window Ping google.com, open a browser window and open google.com.  On a remote machine, open a web page on your server (OWA?) to test incoming HTTP/HTTPS requests. Stop your capture, and save the packet capture file by pressing the Download button.  Open file with Wireshark/Ethereal and observe the source and destination address of the packets.  They should have the ALIAS address and not the WAN IP address.
    If the above step is good, then we have to take a look as to if and why your SMTP or email services are not being routed out the ALIAS interface. Repeat capture steps as above, but this time send an outgoing email, and test an incoming email by emailing an internal account from an outside email account (yahoo, gmail, hotmail).
    If you still have failure, and you have IPS or ProtectLink enabled, can you run the steps that failed with IPS and/or ProtectLink both disabled?
    If there are issues, you can post the captures as a personal message to me.
    I hope the above will help narrow the issue a bit.
    Best regards,
    Julio
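
The capture check described in the reply above can be scripted rather than read by eye in Wireshark. This is an added example, not part of the original thread or of any Cisco tooling: it parses a classic pcap and flags SMTP that leaves from the WAN (PAT) address instead of the alias. The addresses, sample packets and function names are constructed for illustration, and it assumes the downloaded capture is classic pcap with Ethernet framing.

```python
import ipaddress
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1

# Constructed addresses (documentation ranges), not taken from the thread.
ALIAS_IP = "203.0.113.10"   # 1:1 NAT alias the mail server should leave from
WAN_IP = "203.0.113.2"      # firewall's own WAN address (PAT)
SAMPLE_FLOWS = [
    (ALIAS_IP, "198.51.100.25", 25),    # outbound SMTP via the alias: expected
    (WAN_IP, "198.51.100.25", 25),      # outbound SMTP via PAT: the reported fault
    (WAN_IP, "198.51.100.80", 443),     # some other LAN host browsing via PAT
    ("198.51.100.25", ALIAS_IP, 25),    # inbound SMTP to the alias
    (ALIAS_IP, "198.51.100.26", 25),    # outbound SMTP via the alias: expected
]


def build_sample_pcap(flows):
    """Build a classic pcap with one TCP SYN per (src, dst, dport) tuple."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, (src, dst, dport) in enumerate(flows):
        eth = bytes.fromhex("020000000001" "020000000002" "0800")
        tcp = struct.pack("!HHIIBBHHH", 40000 + i, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), i, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
        frame = eth + ip + tcp
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_ipv4_tcp(pcap):
    """Yield (src, dst, dport) for each IPv4/TCP frame in a classic pcap."""
    if len(pcap) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, off)[2]
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < incl_len:
            break                                   # capture cut off mid-record
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
            continue                                # malformed header or not TCP
        l4 = 14 + ihl
        if len(frame) < l4 + 4:
            continue                                # TCP ports not captured
        src = str(ipaddress.IPv4Address(frame[26:30]))
        dst = str(ipaddress.IPv4Address(frame[30:34]))
        yield src, dst, struct.unpack_from("!H", frame, l4 + 2)[0]


def audit_egress(pcap, alias_ip, wan_ip, server_ports=(25,)):
    """Count outbound packets per (source, dport); list server-port traffic sent from wan_ip."""
    counts, leaks = Counter(), []
    for src, dst, dport in iter_ipv4_tcp(pcap):
        if src not in (alias_ip, wan_ip):
            continue                                # inbound or unrelated traffic
        counts[(src, dport)] += 1
        if src == wan_ip and dport in server_ports:
            leaks.append((src, dst, dport))
    return counts, leaks


if __name__ == "__main__":
    counts, leaks = audit_egress(build_sample_pcap(SAMPLE_FLOWS), ALIAS_IP, WAN_IP)
    for (src, dport), n in sorted(counts.items()):
        print(f"{src} -> port {dport}: {n} packet(s)")
    for src, dst, dport in leaks:
        print(f"SMTP left via PAT address {src} towards {dst}:{dport}")
```

A WAN-side capture cannot show which inside host produced a PAT-sourced packet, so the check keys on destination ports that only the NATed server should be using.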

  • Creating connection using NAT address

    Can we use ServerSockets to create a connection to a server using the NAT address ? If yes, then does it require something different ?

    Do you want to connect an external machine to a machine behind your NAT router? Or is this completely internal? If it's internal you should be able to use the machine's private ip address.

  • Analyzer 7 Across the WAN using NAT addresses

    We have acquired several companies that have their own internal ip addresses that are duplicates of some of our internal ip addresses. To overcome this we use Network Address Translation (NAT). However, we cannot get Analyzer to work with these NAT addresses. The users receive the logon page, but the "domain" box is empty. We have tried adding entries to the remote DNS's that map the NAT addresses to our servers, but this hasn't worked. Does anyone have any suggestions? Thanks!


  • Wism version 2 support feature "enable NAT address?

    hi all
    I would like to ask whether WiSM v2 supports the NAT address feature, because in the configuration guide I see it only talks about the WLC 5508. So, please give me or share information.
    Thanks.

    Well that is the thing... will it work if you are using multiple ap managers?  What I was told is that the ap's still need to communicate with the management interface with the 2504, 5508... the newer stuff.  It's not like the 4400's where if you break up the management and the ap manager, you can actually isolate the ap manager on a vlan with the aps and the aps will communicate with the ap manager interface only.  The newer controllers don't function like that.  We had a client that migrated and wanted to keep everything the same.... well it didn't work.  We had to enable routing between the ap manager subnet and the management.  I never split them apart and don't know why people do.
    Maybe we can get George to test it out
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Send RTP stream to NAT address

    Hi,
    I want to transmit an RTP stream from a server to a host in a LAN.
    This host has a NAT address, which is not a real IP address, so I can't send any stream through the SessionManager API because it needs to know a public IP.
    The other issue is that in a LAN, in most common cases, there is a firewall that blocks connections from the internet to its hosts.
    I am thinking of this solution:
    1) The LAN's hosts can initiate the connection with the server by sending non-real RTP data
    2) The server stores the SessionManager of this connection
    3) The server can now send its RTP stream
    Does anyone have a better solution or any suggestion?
    Thanks to all
    [email protected]

    I have one appletTransmitter that captures video from a webcam and transmits it to another client on the internet.
    I try to transmit the MediaLocator from appletTransmitter to servlet1 and then save the MediaLocator as a servlet attribute, then another client can connect to servlet2, which sends the saved MediaLocator to appletClient.
    APPLETTRANSMITTER:
    URL url=null;
    MediaLocator media=new MediaLocator("vfw://0");
    try{
    url = new URL("http://localhost:8080/servlet1");
    }
    catch(MalformedURLException mue){mue.printStackTrace();}
    URLConnection conn=null;
    try{
    conn = url.openConnection();
    }
    catch(IOException ioe){ioe.printStackTrace();}
    conn.setDoOutput(true);
    OutputStream os=null;
    ObjectOutputStream oos=null;
    InputStream in=null;
    ObjectInputStream iin=null;
    MediaLocator mResp=null;
    String r=null;
    try{
    // serialize the MediaLocator into the request body
    os=conn.getOutputStream();
    oos=new ObjectOutputStream(os);
    oos.writeObject(media);
    //oos.writeObject("Prova Servlet");
    oos.flush();
    }
    catch(IOException io){io.printStackTrace();}
    catch(ClassNotFoundException cn){cn.printStackTrace();}
    SERVLET1
    ObjectInputStream objin = new ObjectInputStream(request.getInputStream());
    MediaLocator ml =null;
    try{
    // deserialize the object sent by the applet and keep it in the servlet context
    ml = (MediaLocator) objin.readObject();
    context.setAttribute("media",ml);
    }
    catch(ClassNotFoundException e)
    {e.printStackTrace();}
    But on servlet1 there is a ClassNotFoundException: MediaLocator
    What do we think about the solution and exception problem?
    Best Regards,
    Nico from Italy

  • Anyconnect VPN PING replies from NAT address

    I have been attempting to set up an Anyconnect client to access an internal LAN via an ASA running 8.6(1)2.
    The VPN client connects to the ASA successfully, and I get an IP address from the pool on the ASA, so far so good.
    I have an issue whereby a ping from an AnyConnect VPN client to an inside host that has a static nat translation is getting a response from the nat (public) address rather than its real (inside) address as below:
    C:\ ping 10.191.16.3 (inside host that is natted to let's say 123.123.123.123 on the ASA)
    Pinging 10.191.16.3 with 32 bytes of data:
    Reply from 123.123.123.123: bytes=32 time=62ms TTL=127
    How do I get the response to come from the real address?  Pinging inside hosts that do not have static NAT entries is ok.
    Below is what I believe are the relevant parts of the config. (Let me know if more is needed and I can post.)
    interface Redundant1
    member-interface GigabitEthernet0/1
    member-interface GigabitEthernet0/3
    nameif InsideNet99
    security-level 100
    ip address 10.191.99.251 255.255.255.0
    object network VPNClients
    subnet 10.191.18.0 255.255.255.0
    object network inside_network
    subnet 10.191.16.0 255.255.254.0
    nat (inside,outside) source static inside_network inside_network destination static VPNClients VPNClients no-proxy-arp route-lookup
    object network inside_network
    nat (inside,outside) dynamic interface
    route inside 10.191.16.0 255.255.254.0 10.191.99.254 1
    nat (inside,outside) source static 10.191.16.3 123.123.123.123

    Hi,
    Many thanks for taking the time to reply.
    Here is the output you requested...
    The only things I have changed are public IP's (I changed the names of a few things in the original post).
    FIREWALL-01# sh run nat
    nat (InsideNet99,outside) source static fp-private fp-public
    nat (InsideNet99,outside) source static tmg-private tmg-public
    nat (InsideNet99,outside) source static ex-private ex-public
    nat (InsideNet99,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_10.191.18.0_24 NETWORK_OBJ_10.191.18.0_24 no-proxy-arp route-lookup
    object network VRF-VLAN2
    nat (InsideNet99,outside) dynamic interface
    object network VRF-VLAN3
    nat (InsideNet99,outside) dynamic interface
    object network VRF-VLAN5
    nat (InsideNet99,outside) dynamic interface
    object network VRF-VLAN12
    nat (InsideNet99,outside) dynamic interface
    object network WIFIPUBLIC
    nat (wifipublic,outside) dynamic interface
    object network VRF-VLAN11
    nat (InsideNet99,outside) dynamic interface
    object network VRF-VLAN17
    nat (InsideNet99,outside) dynamic interface
    FIREWALL-01#
    Other info...
    object network fp-public
    host ***.***.***.***
    object network VRF-VLAN11
    subnet 10.191.16.0 255.255.254.0
    object network fp-private
    host 10.191.16.1
    object network tmg-private
    host 10.191.16.3
    object network ex-public
    host **.***.***.***
    object network tmg-public
    host 123.123.123.123
    object network ex-private
    host 10.191.16.2
    object network NETWORK_OBJ_10.191.18.0_24
    subnet 10.191.18.0 255.255.255.0
    object-group network DM_INLINE_NETWORK_1
    network-object object VRF-VLAN11
    The VPN client has address 10.191.18.1, pinging 10.191.16.3 and getting reply from 123.123.123.123 (The public address of 10.191.16.3).
    (123.123.123.123 used for purposes of this forum, not real address).
    btw, I can PING other devices on 10.191.16.0/23 that do not have static NATs on the ASA and they respond correctly from the real IP.

  • Entourage Sync with iCal & Address Book - Fixed!

    Finally found a solution that really works.
    Background
    I had the infamous issue of trying to get Entourage Calendar and Contacts to Sync with iCal & Address book for the purpose of syncing with iTunes on my iPhone.
    I've had most of the symptoms listed on this site.
    It only syncs one way, Entourage Calendar shows up in iCal, but it's blank, Entourage Calendar does not show up at all in iCal, but contacts show up in Address book.
    I've read nearly every post about it and tried all the various fixes listed, but none of them worked, or at least not consistently.
    My setup:
    OS X 10.5.5 MacBook Pro (latest updates)
    Entourage 2004 (latest patches)
    (If you're using Mobile me, log out before you do this)
    Here's what you'll need to do:
    1. Backup your Main Identity which contains all your entourage info, email, contacts, calendars, etc. (Just in case you goof something up)
    It's located in your home user account ~User/youraccount/documents/Microsoft User Data (Backup this whole folder)
    If you don't know all your email credentials such as username, password, smtp, pop info, jot it down as it will save you some time later.
    2. Launch Entourage and uncheck the Sync Services. Quit Entourage and all Office Apps.
    Also you should archive all your entourage data if you want to copy it to the new setup.
    Archive the contacts and Calendar Events separately.
    3. Launch iCal and manually delete the Entourage Calendar (if present) Quit iCal.
    4. Now open your documents folder and locate the folder named Microsoft User Data and rename the folder to Microsoft User Data Original
    5. Create a new OS X User from the System Preferences... Accounts
    6. Logoff your current user account and login to your new user account.
    7. Launch Entourage and enter your email info.
    8. Now create a single calendar event.
    9. Go to Entourage Preferences, and check the Sync Services. (click OK, etc.)
    10. Wait 5 minutes, then launch iCal and you will see the Entourage Calendar with your single event.
    You should also see your contact that was created when you setup email in the Address Book.
    If this worked you've isolated the syncing problem to a corrupt file in your user account or corrupt data in your entourage account.
    You can go back to your original user account and delete all the info from entourage to see if you had corrupt data in entourage (you did back it up first, right?), or you can follow the procedures below to move all your stuff over to the new login account.
    Now you'll need to migrate your data from your Old login account to your new login account.
    (I've tried just moving the new Entourage identity back to the old account, and it didn't always work)
    The easiest way to move data between accounts is to login as root.
    To enable the root user, go to Utilities, Directory Utility, and under the edit menu, select enable root user, enter a unique password (later you can disable root login when you're all done).
    Logout of your new login and login as root with the new password you just created.
    When it prompts for a username type "root". If you don't have that option click the Other login and then type in root as the username and the new password.
    Once you're logged in as root, be careful as you can pretty much trash anything without any warnings.
    Now Open your original user folder located in ~User/youraccount as well as the new user you just created
    (not the root account)
    Open the folders side by side and drag the contents from old to new:
    Desktop
    Documents
    iTunes
    Movies
    Music
    plus any other info you need.
    Log back into your new user account, and run a repair permissions from disk utility.
    Launch Entourage and enter a new event and contact. Then wait a few minutes and verify that it made it over to iCal & Address book.
    If it did, and it should have, you can then import your entourage archives, do contacts first, then wait a few minutes and verify it shows up in Address Book, then do your Calendar events and verify.
    When everything is syncing between entourage and iCal/Address Book you can connect your iPhone and enable syncing.
    A few important notes:
    -If you have Years worth of Calendar Items in entourage, you will most likely run into problems, so archive your old Events and only restore that which you need.
    -You may also need to retrieve old application preferences.
    -Once you're sure you've got everything, you can delete the Microsoft User Data Original folder that we renamed and put in your Documents Folder.
    Hope this helps somebody out.
    LJS

    Entourage calendar does not sync as you are expecting, with iCal.
    Turn your Entourage sync services on (to sync your calendar) and you will notice in iCal a new calendar on the left, called Entourage. Mine has a purple color to it, for example.
    Now, in iCal, create a new appointment and assign it TO the Entourage calendar. Now sync, and hey presto it shows up in Entourage.
    This is by design, Entourage does not sync ALL of your iCal calendars, it will only sync the Entourage calendar which is created in iCal.
    For example, I have Home, Work, Personal and Entourage calendars in iCal - appointments I make with my Home, Work or Personal calendar will not appear in Entourage, period. Only appointments made in iCal using the Entourage calendar will appear in Entourage (after a sync).
    Likewise, appointments made IN Entourage Calendar, are sync'd to iCal and are only visible if you show the Entourage calendar in iCal - (it's switched ON by default, but can be switched off by un-ticking the calendar in the left pane of iCal).
    Does this make sense?

  • NAT Address range different to Public

    Hi
    We have a new ASA box in place with a Private, DMZ and Public card which routes out to the Internet fine and everything is currently working as it should.
    I am trying to setup the NAT part, yet the range we have been given is on a different subnet to the Public one we have configured.
    Could anyone tell me the procedure to get it to work?
    I understand setting up a static NAT rule to map the Public to Private and allowing the access rules to connect. Yet I am confused on how to setup routing to this new subnet, I thought I could configure a loopback, but this isn't allowed I understand on the ASA. Any example configs would be much appreciated.
    Many thanks in advance,
    Mark

    Hi Eugene
    This still isn't working for me unfortunately and I don't know where I am going wrong, I really appreciate your help so far. I am on 8.2 and this is just a test to get it working before we map Public to DMZ.
    Here is the config I have:
    NAT
    static (Private,Public) 193.172.195.2 10.25.1.1 netmask 255.255.255.255
    #sh xlate
    Global 193.172.195.2 Local 10.25.1.1
    So NAT seems to be working.
    Access Rules
    I have the following access rule:
    access-list PUBLIC-ACL extended permit tcp any host 193.172.195.2 eq www
    Yet when I do a packet trace on the exception rule, I get:
    Packet Trace
    Interface: Public
    Source IP: 93.13.216.93         Destination Address: 193.172.195.2
    Source Port : 1065                 Destination Port: 80
    +UN-NAT
    -Type - Un-NAT | Subtype - Static | Action - Allow | Show rule in NAT Rules table.
    Config
    static (Private, Public) 193.172.195.2 10.25.1.1 netmask 255.255.255.255
    match ip Private host 10.25.1.1 Public any
    static translation to 193.172.195.2
    translate_hits=3, untranslate hits=111
    Info
    NAT divert to egress interface Private
    untranslate 193.172.195.2 to 10.25.1.1/0 using netmask 255.255.255.255
    (GREEN TICK)
    +ACCESS-LIST
    -Type-ACCESS-LIST | Action - ALLOW | Show rule in Access Rules table.
    Config
    access-group PUBLIC-ACL in interface Public
    access-list PUBLIC-ACL extended permit tcp any host 193.172.195.5 eq www
    (GREEN TICK)
    +IP-OPTIONS
    -Type - ACCESS-LIST | Action - DROP
    (GREEN TICK)
    +ACCESS-LIST
    -Type-ACCESS-LIST | Action - ALLOW | Show rule in Access Rules table.
    Config
    Implicit Rule
    (Red Cross)
    +RESULT - The packet is dropped.
    Input Interface: Public              Line Up     Link Up
    Output Interface: Private          Line Up     Link Up
    Info: (acl-drop) Flow is denied by configured rule
    (Red Cross)
    It is being denied by the implicit any to any Public access default incoming rule, even though I have the exception listed above it,
    Regards,
    Mark

  • Policy nat address pool

    I have an internal firewall between two private networks.
    I want all addressing on the inside to use the global and I want any internal address destined for a group of servers on port 23 on the external to use a pool of addresses.
    The inside network is 10.0.0.0/8 and the destination subnet is 10.130.29.0/25. Routes exist and connectivity works.
    Here's the config:
    global (outside) 1 10.130.29.2
    nat (inside) 1 access-list nat
    access-list nat deny ip host 10.7.2.206 any
    access-list nat deny ip host 10.7.2.207 any
    access-list nat permit ip any any
    I've added:
    object-group network SERVERS
      network-object host 195.104.88.151
      network-object host 195.104.88.152
      network-object host 195.104.88.153
    access-list serv_acl permit tcp 10.0.0.0 255.0.0.0 object-group SERVERS eq 23
    global (outside) 2 10.130.29.117-10.130.29.126 netmask 255.255.255.128
    nat (inside) 2 access-list serv_acl
    The SERVERS are destined for another network beyond the firewall but I need to translate any address from the internal to pool 2. I can connect using the global but after applying the added config above the connection is still using the global. The xlate was cleared.
    Is the subnet mask correct for the pool?
    Any help appreciated.

    Hi,
    So you say that your traffic is hitting the original Dynamic Policy PAT rule after configuring the new Dynamic Policy NAT rule?
    I think this is because of the NAT ordering.
    I am not sure if the "ID" of the NAT configuration has any meaning but I would try changing the NAT configuration in the following way
    no global (outside) 1 10.130.29.2
    no nat (inside) 1 access-list nat
    global (outside) 100 10.130.29.2
    nat (inside) 100 access-list nat
    Then perhaps "clear xlate" if situation permits.
    This should do so that the new Dynamic Policy NAT rule is the first to be matched and the original rule comes after that.
    Notice that the original rule has a "permit ip any any" ACL rule which matches all traffic. So everything gets matched to it and won't get matched to the new rule.
    Can you try this out and see how it goes.
    - Jouni
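
The shadowing described in the reply above, as an added example that is not part of the original thread: a first-match evaluator run over the two policy NAT rules from the question, with the original rule ahead of the new one and then behind it. It assumes rules are tried in order and the first ACL that permits a flow selects the translation; treating a deny entry as "this rule does not apply" is also an assumption, and the function names and probe flows are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional


class Ace(NamedTuple):
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every protocol
    src: str                       # source network, CIDR form
    dsts: tuple                    # destination networks, CIDR form
    dport: Optional[int] = None    # None means any destination port


ANY = "0.0.0.0/0"
SERVERS = ("195.104.88.151/32", "195.104.88.152/32", "195.104.88.153/32")

# ACLs transcribed from the question.
NAT_ACL = [
    Ace("deny", "ip", "10.7.2.206/32", (ANY,)),
    Ace("deny", "ip", "10.7.2.207/32", (ANY,)),
    Ace("permit", "ip", ANY, (ANY,)),
]
SERV_ACL = [Ace("permit", "tcp", "10.0.0.0/8", SERVERS, 23)]

PAT_RULE = ("global 10.130.29.2", NAT_ACL)
POOL_RULE = ("pool 10.130.29.117-10.130.29.126", SERV_ACL)
BEFORE = [PAT_RULE, POOL_RULE]     # original rule is tried first
AFTER = [POOL_RULE, PAT_RULE]      # order after the suggested change


def acl_permits(acl, flow):
    """First matching ACE decides; no match means implicit deny."""
    proto, src, dst, dport = flow
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if src_ip not in ipaddress.ip_network(ace.src):
            continue
        if any(dst_ip in ipaddress.ip_network(d) for d in ace.dsts):
            return ace.action == "permit"
    return False


def select_translation(rules, flow):
    """Return the name of the first rule whose ACL permits the flow, else None."""
    for name, acl in rules:
        if acl_permits(acl, flow):
            return name
    return None


def shadowed(rules, probes):
    """Rules that would permit some probe on their own but never win one in this order."""
    result = []
    for name, acl in rules:
        wanted = [f for f in probes if acl_permits(acl, f)]
        if wanted and not any(select_translation(rules, f) == name for f in wanted):
            result.append(name)
    return result


# Constructed probe flows: (protocol, source, destination, destination port).
TELNET = ("tcp", "10.1.2.3", "195.104.88.151", 23)
OTHER = ("tcp", "10.1.2.3", "195.104.88.151", 443)
PROBES = [TELNET, OTHER]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, "telnet ->", select_translation(rules, TELNET))
        print(label, "other  ->", select_translation(rules, OTHER))
        print(label, "shadowed rules:", shadowed(rules, PROBES))
```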

  • Ping Times to NAT Addresses

    If I ping a NAT'ed IP address configured on an ASA 5505, is it handled at the firewall (as far as priority) as if I were pinging the firewall interface itself, or the end device?  The reason I ask is I am seeing waves of ping latency that I can relate to data transfers, but nothing is even close to being maxed out as far as CPU, memory, or bandwidth.  My guess is this is being handled by the ASA in software instead of in hardware.  Just looking for clarification.
    Thanks,
    Matt


  • No Internet with Lion. Stay away until self-assigned IP addresses are fixed!

    I have a TimeCapsule (802.11n 3rd gen) and four Macs. Until two months ago all was well and everyone could connect.
    Two months ago the Apple apps on the MacBook Pro stopped connecting to the Internet on the TimeCapsule network (Mail and Safari would not connect, Firefox was fine). The MacBook Pro connects on all other networks. I travel a fair amount and the computer has connected fine at all networks tried. I have since updated to Lion (10.7.2) and the problem is the same. The error in System Preferences indicates that the computer has a self-assigned IP address and will not be able to access the Internet - but Firefox works, so we know that is not entirely the case.
    Last week our desktop stopped being able to access the Internet using the TimeCapsule network. Problems the same as the MacBook but the desktop Mac is using Snow Leopard.
    Our older laptop is using an earlier version of OSX and all is well. Our antique Mac laptop is also working well.
    We also have a Verizon MiFi and all machines can access the Internet on that.
    I have tried every "fix" I can find on the boards and through Google. Nothing works. From the looks of the boards, there are thousands of users with this problem and no answer from Apple.
    I was much better off before I switched to Lion. In those days, I just used Firefox and looked at my iPad when I needed mail (and waited to sync at the office). But with Lion comes iCloud and an increased reliance on the App store, making internet connectivity through Apple apps a must. Can someone from Apple help us fix this? Does anyone have any suggestions?

    That is what I told Comcast, but they said since my
    computer works "fine" in Safe-Boot,
    Classic, and the other PC—then they
    conclude there's no problem with their hardware and
    that it's not their problem; that it's Apple's issue.
    And nope I'm not connected wirelessly, it's through a
    basic ethernet cable.
    I don't know who to blame for this. Five years ago, this never happened, but it is common now. It affects both Macs and PCs, but as usual, people like Comcast will make an effort to fix a PC but throw up their hands with a Mac. Go figure.
    So, what speed, duplex and adapter type numbers
    should I put in?
    I don't know for sure. Start with duplex. If it currently says "auto", change it to "full". If that doesn't work, or if it already was "full", change it to "half". If still nothing, switch it back to "auto" and fiddle with all the 10/100 speed combinations. You may have to go back and try different duplex and speed combinations! It sounds harder than it is. Try changing the duplex and adapter settings from "auto" before changing the speed. I am on my work Dell right now (which needed the same fix BTW), so I can't give you very good step-by-step instructions.
    The thing that troubles me is why is it that the
    internet works fine in Safe-Boot and Classic, but not
    Normal OS X mode?
    No clue about that.

  • Ironport ESA behind a NAT address

    I know it is recommended to give an ironport ESA a public IP on a dedicated interface to take advantage of the reputation checking etc.  I believe this is so it receives the email from the original sender IP and if you put a relay between the Ironport and the original sender you break this.  I know there are some things you can turn on in this case but my question is if I NAT from an external IP to the ironport's internal IP this shouldn't lose the feature because the origin IP doesn't change and the connection is still direct to the ironport, not via a relay.  Is this correct?  Will I lose any functionality if I NAT the Ironport?  Reason I'm asking is I don't have a free IP to give just to the Ironport but have others I can reuse since SMTP is not in use on these IPs.

    Hi Lance,
    Using NATed IP address does not break any of the ESA functionality including reputation filtering. The ESA is only looking at the source IP address for inbound connections and if the firewall is not changing the source IP, ESA will be able to perform reputation filtering without issues.
    Using another MTA before the ESA will include a little bit of complexity. However, even with that it is possible to perform reputation filtering using combination of "Incoming Relay" feature and content/message filters.
    Regards,
    Rehan Latif

  • Same device name has multiple IPs and MAC addresses - my fix

    Router: Cisco Linksys EA4500 (N900)
    Cloud Firmware: 2.1.139.145204 (no, I don't plan to update this version to the latest)
    Cable Modem Service
    So I was playing around with Oracle's VirtualBox (it's kinda like VMware, or Microsoft's HyperV) on my primary LAN-wired desktop in my home network, to create Virtual Machines (VMs, hereafter) to technically preview Microsoft's Windows 10 (may be released next year), and a couple of my other Windows installations.
    I ended up launching VMs with the same hostname, but with different MAC addresses (and thus, different IP addresses).
    The Linksys cloud firmware displayed all those MAC-IP combinations under the same hostname icon in its Smart WiFi Tools' Device List.
    Some people here have complained about this issue, and I'd like to say this has never happened to me before (using the EA4500 for over a year), and I have about 15 devices connecting to my router, a minimum of 5 online at any one time.
    With this kind of situation, you can't individually address each of those affected machines for Parental Controls and other configuration options.
    What I did to solve the problem:
    1. Ensure every VM has a unique name (change hostname in Windows Control Panel).
    (this can be challenging since a cloned VM will initially start with the same name as its master, and the problem will already occur. Once the problem occurs, just renaming the hostname and rebooting the device/VM will not solve the problem. Would be nice if it did)
    2. Get all duplicated devices off the network.
    3. Execute a "ipconfig /flushdns" from the command prompt.
    4. Delete any device (click on the x in the Device List icon) when it goes offline in the Smart WiFi Device List.
    5. Ensure no duplicates exist under Connectivity, Local Network, DHCP Reservations (I use DHCP reservation for a number of my devices so they are guaranteed a fixed local IP)
    6. Hit Refresh (more than once! ) under Troubleshooting, Status to get a list of devices with non-duplicate MAC addresses.
    7. Do the same after clicking on the DHCP client table button on the same page.
    8. Reboot the router (this step was not necessary some times, but I'd do it just to be safe).
    9. Now add the devices back onto your network one at a time.
    If there are no more hostname duplications, the VM devices with their unique MAC addresses should create new icons in the Device List page as they connect to the home network.
    Hope the above helps somebody.

    For which version of Mail and OS?

  • I want to sign in using Apple ID password and although I have changed my email address in the settings, the old one comes up in the box on the iPad when trying to update all the apps. So putting the password in no longer works, as it's the address. How to fix?

    Signing in using the Apple ID password to update and purchase stuff through the Apple store gives the old email, and I am unable to get into the App Store, etc., to change, update and purchase stuff. When using the password it won't work, as the email is wrong, yet in the box there doesn't appear to be a place to change the email. I would have thought that as it changed days ago, it would change to the updated email.
    How do I access the stuff? Thanks

    How did you fix this??
