NAT public /24 to private /24

Greetings,
I am looking for an easy way to NAT a public /24 to a private /24. Instead of me having to make NAT statements for each IP address it would be great if it was possible to do in one statement.
It has to be one-to-one: x.x.x.1 mapped to y.y.y.1, x.x.x.2 to y.y.y.2, etc.
Is this possible with ASA 5545 running 9.22, and how?
Regards
Kenneth

Hi Kenneth,
In ASA version 8.3+ you can use Auto NAT to achieve the desired results.
Create one object network for private subnet and one for public subnet. See example:
object network INSIDE
 subnet 10.1.1.0 255.255.255.0
object network OUTSIDE
 subnet 30.1.1.0 255.255.255.0
Then under the private subnet, define the nat statement.
object network INSIDE
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) static OUTSIDE
HTH
"Please rate useful posts and mark the answer as correct if it solves your issue"
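
Added example (not part of the original posts, and not Cisco code): a Python model of the one-to-one network static NAT discussed above, using the answer's 10.1.1.0/24 and 30.1.1.0/24 subnets. The class and function names and the sample ACL entries are hypothetical; it shows that the host part is preserved in both directions and checks outside ACL entries against the real addresses, which is what ASA 8.3+ access lists match on.

```python
import ipaddress


class StaticNetNat:
    """One-to-one static NAT between two equally sized subnets (a model only)."""

    def __init__(self, real, mapped):
        self.real = ipaddress.ip_network(real)
        self.mapped = ipaddress.ip_network(mapped)
        # x.x.x.N <-> y.y.y.N for every N only holds when both subnets
        # have the same prefix length, so this model rejects anything else.
        if self.real.prefixlen != self.mapped.prefixlen:
            raise ValueError(
                f"{self.real} and {self.mapped} differ in size; "
                "a one-to-one mapping needs equal prefix lengths"
            )

    @staticmethod
    def _shift(addr, src, dst):
        """Move addr from src to dst, keeping its offset inside the subnet."""
        ip = ipaddress.ip_address(addr)
        if ip not in src:
            return None  # address is not covered by this rule
        return dst.network_address + (int(ip) - int(src.network_address))

    def translate(self, real_ip):
        """Inside -> outside: real address to mapped (public) address."""
        return self._shift(real_ip, self.real, self.mapped)

    def untranslate(self, mapped_ip):
        """Outside -> inside: mapped (public) address to real address."""
        return self._shift(mapped_ip, self.mapped, self.real)


def audit_inbound(nat, permits):
    """Check outside-interface ACL permits against a static network NAT.

    permits is a list of (destination IP, TCP port) pairs. On ASA 8.3 and
    later the ACL is written against the REAL address, so each destination
    should fall inside the real subnet. Returns (exposed, misplaced):
      exposed   -> (public IP, port, real IP) reachable from outside
      misplaced -> permits whose destination the static rule does not cover,
                   e.g. an entry still written against the mapped address
    """
    exposed, misplaced = [], []
    for dst, port in permits:
        public = nat.translate(dst)
        if public is None:
            misplaced.append((dst, port))
        else:
            exposed.append((str(public), port, dst))
    return exposed, misplaced


if __name__ == "__main__":
    nat = StaticNetNat("10.1.1.0/24", "30.1.1.0/24")
    for host in ("10.1.1.1", "10.1.1.2", "10.1.1.254"):
        print(host, "->", nat.translate(host))

    # Constructed sample ACL entries; the second one uses the mapped address.
    sample_permits = [("10.1.1.25", 25), ("30.1.1.80", 443)]
    exposed, misplaced = audit_inbound(nat, sample_permits)
    print("exposed:", exposed)
    print("not covered by the static rule:", misplaced)
```

A whole-subnet static NAT translates every inside host in both directions, so the outside ACL is the only thing deciding which of the 254 public addresses accept inbound connections.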

Similar Messages

  • Public APIs vs Private APIs

    Hi All,
    I am a beginner in Apps and want to know what the difference is between Public APIs and Private APIs.
    rgds

    Yes, class-dump can always be used to generate public interfaces in a hostile world, but that's not really the point. The issue is how to generate clean interfaces for a team of software developers. Anyway, after talking to Matt, I have answered my own question: a synthetic property, a category plus a hand-coded setter will make this work. Once the bug in @synthesize is fixed this will be a nice solution to the problem.
    Here are a few bits to illustrate:
    In MyClass.h
    @interface MyClass
    @property (readonly) id someProperty;
    @end
    In MyClass.m
    #import "MyClass.h"
    @interface MyClass (Private)
    @property (retain) id someProperty;
    @end
    @implementation MyClass
    @synthesize someProperty;
    // Bug - hand written setter needed since @synthesize will not generate one for me
    - (void) setSomeProperty: (id)newProperty
    {
        // Release the old value and retain the new one only when they differ
        if (newProperty != someProperty)
        {
            [someProperty release];
            someProperty = [newProperty retain];
        }
    }
    @end
    Files that import MyClass.h will only have access to the getter while the setter is available to MyClass.m.

  • Public sector Vs private sector

    Hi,
    Could any one please let me know the differences in public sector and private sector.

    Hi,
    The question is not very clear, but I will try to explain from the SAP angle.
    From the SAP perspective, in the Public sector, funds budgeting and budget monitoring are very important.
    The Funds Management module is used more in the Public sector. Everything will be earmarked and it is not allowed to exceed the earmarked funds (basically budget figures).
    The Private sector concentrates more on profitability and is flexible.
    It is difficult to implement in the Public sector compared to the Private sector.
    Assign points if useful
    Sunoj

  • Static nat & public IP on inside interface.

    Hello Guys,
    I am facing some issue related to static nat please provide your replies. let me explain the scenario.
    At site we have 4 cameras connected on switch and NVR (network video recorder) also connected on the same switch.
    Locally at site we are able to access the four cameras via http/web and also through NVR software .
    In order to access these cameras from a remote location, we did static natting in the router with a public IP address for each camera's private IP address. Find the NAT table below.
    At remote site/from internet when we are adding the cameras in NVR software using public IP address. Later automatically public IP address resolving into private IP address.
    We are able to access cameras individually using http://<public ip address for camera> but when we try to add it in NVR software it's changing the public IP address to private.
    Camera Name   Private IP address   Public IP address
    Camera 1      192.168.1.3          xx.x8.23.115
    Camera 2      192.168.1.4          xx.x8.23.116
    Camera 3      192.168.1.5          xx.x8.23.117
    Camera 4      192.168.1.6          xx.x8.23.118
    Below is the configuration for the router. I am concerned about the public IP address which is assigned on the internal/LAN interface instead of the outside interface by the ISP. In another project I experienced that the public IP address is at the outside interface and the private is at the inside interface, and we do static NAT for inside to outside interface.
    But here when I access the cameras through public IP individually it's working, but not when I am adding this public IP in NVR software. Maybe something is wrong with the static NAT.
    interface GigabitEthernet0/0.1
     encapsulation dot1Q 868
     ip address 172.20.38.26 255.255.255.252
     ip nat outside
     ip virtual-reassembly in
    interface GigabitEthernet0/1
     ip address 192.168.1.1 255.255.255.0 secondary
     ip address 212.x.x.113 255.255.255.240                       (its a public IP address)
     ip nat inside
     ip virtual-reassembly in
     duplex auto
     speed auto
    ip nat inside source list 10 pool SLT overload
    ip nat inside source static 192.168.1.3 x.x.23.115
    ip nat inside source static 192.168.1.4 x.x.23.116
    ip nat inside source static 192.168.1.5 x.x.23.117
    ip nat inside source static 192.168.1.6 x.x.23.118
    ip route 0.0.0.0 0.0.0.0 172.20.38.25
    access-list 10 permit 192.168.1.0 0.0.0.255
    ip nat translation tcp-timeout 1000
    ip nat translation udp-timeout 1000
    ip nat pool SLT xx.xx.23.114 xx.xx.23.114 netmask 255.255.255.240
    ip nat inside source list 10 pool SLT overload
    Please advise on the above configuration. Your help in the above regard will be highly appreciated.
    Many Thanks in Advance.

    It is a bit odd to see the IPv4 address assigned this way. (Putting it on a Loopback would be a more elegant approach if the ISP is using private addresses for the WAN link.) But, there's nothing in here that would cause the NAT to fail. I suspect that the cameras are doing an HTTP redirect to their private IPv4 addresses at some point and this is causing your software to switch.
    With this configuration, there's no reason why you can't just put the cameras directly on the public addresses and forego the NAT entirely. If there is a redirect going on, they will redirect to the correct IPv4 address and things will still work.

  • Calendar apps:  1. That my wife and I can share.  2. That shows some of the text in the full month view.  3.  That can have "public" events and "private" events.

    Hello All,
    I am looking for a calendar app that my wife and I can share on both of our iphones.  I am new to this and haven't found an app that will do what I want.
    1. I want the full month view to show some of the text of each event:  Like Pocket Informant and Monthly Calendar Mocha do (not just a dot).
    2. That both of us can post and see each other's events.
    3. That each of us can post "private" events that the other person won't see on their phone.  Things like, "Wife's surprise party."
    4. That syncs both calendars automatically.
    I know a lot of people use Fantastical, but I don't think that would give me the text in the full month view.
    Is there an app that can do all of the above?
    Thanks in advance.
    Rick

    Sharing and syncing is a feature of the calendar database; you can have multiple calendars, and each can be private, shared with specific other iCloud users, or public. If you have a Mac you can set that up in the Calendar app; for either Mac or Windows you can set it up by logging in to iCloud.com using your Apple ID.
    The other calendar apps all use the Apple calendar database; they just have different ways of presenting the content, and can also take advantage of "hidden" features of the Apple calendar database (such as adding icons to entries).

  • Public static vs private

    Hi
    I have 3 classes, A, B & C.
    I have one variable, var, that can be used in class B and C; I have declared it in class B, and passed it when I create an instance of C in B.
    Then I need also to read its value in class A.
    Now the ways are two (I think ...):
    1. declare it as public static in class A and then use A.var in class B and C;
    2. declare it as private in A and then pass it to B when I create in A an instance of B, and to C when I create in B an instance of C.
    Considerations:
    a. I don't like to declare public variables, I think it is a bad way to program, isn't it?
    b. the second way is a problem when I have 10 variables (the constructors have too many parameters), right?
    Could anyone help?

    > The problem is I tried to find these answers in
    > Internet, but I don't find anything.
    That's fine. That's why most of us are here.
    > My application works as this:
    > I have a main class (A) that has a main menu in
    > console style; from this class I create a new client
    > class (B) that receives commands from a server; if a
    > command is valid, B creates an instance of C that
    > represents a trainer machine. In C I have all
    > workout variables (time, incline, speed ...).
    > By menu (in class A) I could pause the trainer and by
    > A and/or remote server I could ask the state of the
    > machine (C).
    In your explanation above, I draw your attention to "instance". You are making instances of your classes. That being the case, your variables should probably be instance variables
    NOT
    public static int firstVariable = 0;
    BUT
    protected int firstVariable = 0;
    You would then provide get and set methods to access the protected variable.
    If you find yourself writing B b = new B() then you know you are dealing with an instance and you should avoid all static variables unless you really do mean "this value is the same across all Bs".
    > I have 8 state variables I could manage in that way.
    > The only way I have for now found is to define
    > public static long vars in C (and use them in A and B
    > as C.state, C.time, ...) to avoid passing 8
    > parameters when I create the instances from A to C.
    Assuming that C has eight variables and your design isn't done yet, you can still pass an instance of C to the other objects. They don't need to have their method/constructor signatures changed when you add a new variable, as your C object encapsulates it already.
    > Is right? Any other suggestion?
    Yes. Don't stick to "C.time" because that's what you've got so far. Instead, you should be using
    C c = new C();
    c.getTime();
    That way, the time variable is unique to the instance.

  • Clustered Environment - Changing from Public Network to Private Network

    I have a clustered environment where the database sits on one node and the central instance sits on the other node. We just found out that somehow the communication between the database and central instance has been changed to talk over the public network instead of the private network. We don't know who did it or why.
    So, my question is what do I need to do in SAP to accommodate the changing back to using the private network? Do I need to change system names in the profiles? Are there any gotchas on doing this? Are there any documents on doing this?
    Thanks for any information you can provide on this topic.
    Thanks,
      -- Jackie

    This is most likely a name resolving problem.
    If you ping <name> from one server to the other, which network is used?
    Markus

  • 'PUBLIC' thread vs 'PRIVATE' thread in v$thread

    Hi all,
    Our db is 10g RAC db and the servers are 2003 MS window. Can anybody tell me what the differences are between a thread is 'PUBLIC' and a thread is 'PRIVATE'?
    Thank you so much for your help!!
    Shirley

    A "PUBLIC" thread can be acquired by any instance at startup.
    This has nothing to do with Transaction Load Balancing. Your ArchiveLog volumes
    indicate that one instance has more transactions (Redo generation) than the
    other. Either the application / clients are statically configured to run more
    transactions on one instance than the other OR round-robin Load Balancing
    isn't effective in that heavier transaction loads happen to be occurring on one
    instance.
    Sometimes it makes sense for one instance to be busier than the other.
    a) When the servers are not equally configured (eg different CPU counts)
    b) When a certain part of the application / schema is more heavily used
    and that application statically uses one instance so as to avoid block pinging
    across the instances.

  • Change Lync 2013 Edge Server Natted public ip addresses

    we changed public ip addresses for Lync 2013 edge. I changed only a/v edge service NAT-Enabled public ipv4 address to the new public ip address .
    published the topology
    run
    Invoke-CsManagementStoreReplication command
    restarted edge server.
    what else to do to solve it ?
    Error:
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.*****.com on port 5061.
    The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
    Additional Details
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

    Hi,
    Please re-run Step 2-Setup or Remove Lync Server Components after changing IP in topology.
    Kent Huang
    TechNet Community Support

  • Public vs. Private iTunes U Site

    Can someone please correct or confirm my interpretations?
    1. The iTunes U Private and Public sites are totally un-linked as far as content?  The content copy was one time, all other files will have to be uploaded to each location separately?
    2. The access role All@urn:mace:itunesu.com... is now non-functional in iTunes U private site?
    3. iTunes U private site will no longer generate RSS feeds of content?
    Thanks for any insight you can add.
    .\.\att

    The below in BOLD is what I am trying to do, but do not have an option to do.  Is this something Apple must give me a role or permission to do?  I am already an Administrator.  Thanks in advance!
    To add content to your site you must create collections containing the course content, series information, or items you want to share with your users.
    To add a collection:
    Click Collections at the top of iTunes U Public Site Manager.
    Click the Add button.
    Choose one of the following from the pop-up menu:
    Provider-Hosted Feed. Choose Provider-Hosted Feed to add a new collection from a feed URL hosted on your servers, type the feed URL, and then click Add. For example, http://www.example.com/rss/provider-hosted-collection.rss.
    Apple-Hosted Feed. Choose Apple-Hosted Feed, if available, to add and edit a new collection from a new RSS feed hosted on Apple's servers, click Add, and then use the feed editor to add channel and item details and upload content.
    Copy from Original iTunes U Site. Choose “Copy from Original iTunes U Site” to add a new collection by copying a group from your original iTunes U site, type the group URL, and then click Add. To copy a group from your original iTunes U site, navigate to the group, Control-click the group's tab, choose Copy Link, and then paste the link in the Group URL field. You must be an administrator to use "Copy from Original iTunes U Site". You cannot use "Copy from Original iTunes U Site" to add a feed course from your original iTunes U site. Once you publish your site, you can no longer use "Copy from Original iTunes U Site" to add a collection in iTunes U Public Site Manager.
    iTunes U Public Site Manager adds the new collection to the collections manager page.
    If you add, remove, or hide a collection or update an iTunes U Public Site Manager page, you must publish your site for the changes to appear in iTunes U in the iTunes Store. Publishing changes can take up to 24 hours to appear in the iTunes Store.

  • MeetingPlace Express: 1st address Public and second private

    Hello,
    We know that MPE must have 2 IP address.
    But my question is: is it possible to make this design: the 1st IP address is Public, and the second will be private.
    The public address will serve as Web, voice and video (SIP or H323 trunk or gateway), the private address connects to another Voice Gateway that is inside a LAN.
    Best regards

    No, that design is not possible; the two NICs are utilized for different purposes and this behavior cannot be changed. Also, MPE requires a second server - the Segmented Meeting Access (SMA) server - for external/public access. The internal server is not intended to be publicly accessible on the internet.

  • Cannot connect to WiFi in public areas or private or Ad Hoc connections

    I have a 32 GB iPod Touch 2G that is running 4.2.1
    All has been going well, until last week. I tried to connect to a public WiFi (that I have connected to 50 times or more) and it said "Cannot connect to Network". I tried everything that I know how to do, but nothing worked. I then went to another public WiFi (with WEP), but could not get on there either. I then went home and tried to connect to my computer through an Ad Hoc WiFi connection (since we do not have WiFi at our house), but I was not able to connect there either.
    I reset it, I synced it, but the problem persists.
    I always have the iPod on Airport mode, so as not to run the battery down. I then take it off Airport mode, turn on WiFi, and wait for the Network to show up on the iPod Touch. I then press the Network that I want. It immediately gives me the check mark next to the Network name, then later it gives me the WiFi symbol at the top left of the screen. I then wait for the Login page...it never comes up. I then go to Safari to force it to come up, but nothing. It says that I am not connected to a Network. I then get fed up with it and try to turn off WiFi, but the Network name stays, even though the WiFi is Off. I then try to turn on the Airport mode, but the airplane does not show up. I try and try to get away from the network, but it will not reset to normal until I press the Home button and the On/Off button together. I then get the circle of dashes (but just a short 1 and 1/2 rotations - ODD), then the black screen. Then I press the On button and get the Apple symbol. Then I sign in and the Airplane is there and the WiFi is off...till I try again. No connections and then I have to repeat this to get it back to half way normal.
    Please help me with this situation. I really do not want to restore the iPod Touch, since I do not have a WiFi network near me...and I have a lot of apps that would have to be set-up through WiFi (taking a lot of time). My fear (if you could call it that), is that if I restore the iPod Touch, and find out that the WiFi problem persists...then I will not be able to use a number of Apps that I use a lot.
    There has to be a simpler answer to this situation.

    +Comment on #2. I'm not aware of any offline apps working with an iPod touch that hasn't been jailbroken. If you have jailbroken your device, we really can't help you here per the terms of service of this website. However, if this just updated data for a legit app or a web app, then you are going to have to get network access working for it to work and, as you have said, iTunes isn't going to do it.+
    Answer to #2: For one thing, the iPod Touch that I have is NOT jailbroken. I have never jailbroken any of my devices. I am a big supporter of Apple products, because they work. If a device is jailbroken, essentially taking Apple's expertise out of the equation. If I wanted to do that, I would use Android, and suffer with the fragmentation that they suffer with (along with all the problems jailbroken devices have). Enough on that.
    Offline Wiki is an approved app from the AppStore (it is Wikipedia in your pocket, without the Internet). You download the app from iTunes. It is useless till you then download the content (whichever language that you want - for example the one I want, English is 3 GB of space). Since I am not in a WiFi area, and I do not visit WiFi areas often (nor for any real length of time, downloading 3 GB of information takes hours (nearly three hours, when I first did it). The only reason that I was reluctant to Restore my iPod Touch, was to avoid having to do that process again, and not being able to use the app (which I use a lot) until I do spend the time to download the Wikipedia Database onto my iPod Touch.
    +A comment on #1. Those websites that require you to login again - this is a function of the network setup at that site. In effect, they are expiring your lease as soon as you disconnect. When you log in again, you are treated as a completely new user.+
    Answer to #1: Yes, I understand that. Thank you.
    Good luck on the restore.
    Thank you. This, unfortunately was what I had to do. As expected, but not for sure, the WiFi is now working again. It seems that my iPod Touch got corrupted (within the iOS). The reinstalling wasn't as bad as I thought it would be, except I do not have the use of Offline Wiki (since my visit to the doctor yesterday was only for an hour, which I used to update all the other things that I needed WiFi access for. I started the download process, but it will take at least 2 hours to finish).
    Conclusion: The only way to fix this situation, as far as I can tell, is to Restore your iPod Touch. Thank you for reading my long windedness. Also, thank you "luvlabs" for our conversation (though we haven't seen eye-to-eye much in the conversation, but I appreciate the time you spent to try. Thank you.
    Message was edited by: Fr. Ignatius

  • Configuration Help Needed - Layout of Public Access and Private Access Network

    HELP
         I need help in laying out the following network - here is my first stab at it.
    1. Actiontec DSL Modem - DHCP On     ----- Model GT701-WG
       WAN IP Address 12.17.66.203
       WAN SubNet Mask 255.255.255.255
       Lan IP Address 192.168.0.1
       Lan SubNet Mask 255.255.255.0
    2. WRT54G - DHCP On ----------------  Open to Public Access to the Internet
       Local IP Address 192.168.1.1
       Subnet Mask 255.255.255.0
    3. DellPowerConnect 2708 Switch ---  Open to Public Access to the Internet
    4. MS Windows SBS2003 Server   --- Closed to Public Access
        Connecting to the #2 WRT54G thru a Linksys network card
    5. WRT54G - DHCP Off - ??? --------- Closed to Public Access
        Connecting to another Linksys network card in the SBS2003 Server
       Local IP Address 192.168.1.2     ???
       Subnet Mask 255.255.255.0
    6. Linksys SD216 Switch                 --- Closed to Public Access
    Any help would be greatly appreciated

    I got the network setup, but did not get what you are trying to do. Do you have 2 WRT54Gs there? Are you trying to turn off DHCP server of second WRT54G? A detailed information would be appreciated.

  • NAT Public Addresses to different VRFs

    Hi,
    We have a /28 on the outside and want to assign separate IP addresses with NAT to separate VRFs, for example:
    130.140.131.78 -> NAT -> vrf A -> 192.168.1.1
    130.140.131.79 -> NAT -> vrf B -> 192.168.1.1
    and so on and so forth....
    Is this possible? I have tried several options but no luck/wisdom so far.
    Gr. Gilles.
    P.S. Platform are routers 29xx and 39xx

    Hi,
    what options have you tried already ?
    I think that vrf-aware static nat will do the job, something like:
    ip nat inside source static 192.168.1.1 130.140.131.78 vrf A
    Cheers,
    Mikhail.

  • ASA 5510 Multiple Public IP - Static NAT Issue - Dynamic PAT - SMTP

    Running into a little bit of a roadblock and hoping someone can help me figure out what the issue is.  My guess right now is that it has something to do with dynamic PAT.
    Essentially, I have a block of 5 static public IP's.  I have 1 assigned to the interface and am using another for email/webmail.  I have no problems accessing the internet, receiving emails, etc...  The issue is that the static NAT public IP for email is using the outside IP instead of the one assigned through the static NAT.  I would really appreciate if anyone could help shed some light as to why this is happening for me.  I always thought a static nat should take precedence in the order of things.
    Recap:
    IP 1 -- 10.10.10.78 is assigned to outside interface.  Dynamic PAT for all network objects to use this address when going out.
    IP 2 -- 10.10.10.74 is assigned through static nat to email server.  Email server should respond to and send out using this IP address.
    Email server gets traffic from 10.10.10.74 like it is supposed to, but when sending out shows as 10.10.10.78 instead of 10.10.10.74.
    Thanks in advance for anyone that reads this and can lend a hand.
    - Justin
    Here is my running config (some items like IP's, domain names, etc... modified to hide actual values; ignore VPN stuff -- still work in progress):
    ASA Version 8.4(3)
    hostname MYHOSTNAME
    domain-name MYDOMAIN.COM
    enable password msTsgJ6BvY68//T7 encrypted
    passwd msTsgJ6BvY68//T7 encrypted
    names
    interface Ethernet0/0
    speed 100
    duplex full
    nameif outside
    security-level 0
    ip address 10.10.10.78 255.255.255.248
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.2.2 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    dns server-group DefaultDNS
    domain-name MYDOMAIN.COM
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-network
    subnet 192.168.2.0 255.255.255.0
    object network Email
    host 192.168.2.7
    object network Webmail
    host 192.168.2.16
    object network WebmailSecure
    host 192.168.2.16
    access-list inside_access_out extended permit ip any any
    access-list inside_access_out extended permit icmp any any
    access-list VPN_Split_Tunnel_List remark The corporate network behind the ASA (inside)
    access-list VPN_Split_Tunnel_List standard permit 192.168.2.0 255.255.255.0
    access-list outside_access_in extended deny icmp any any
    access-list outside_access_in extended permit tcp any object Email eq smtp
    access-list outside_access_in extended permit tcp any object Webmail eq www
    access-list outside_access_in extended permit tcp any object WebmailSecure eq https
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-647.bin
    asdm history enable
    arp timeout 14400
    nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
    object network obj_any
    nat (inside,outside) dynamic interface
    object network Email
    nat (inside,outside) static 10.10.10.74 service tcp smtp smtp
    object network Webmail
    nat (inside,outside) static 10.10.10.74 service tcp www www
    object network WebmailSecure
    nat (inside,outside) static 10.10.10.74 service tcp https https
    access-group outside_access_in in interface outside
    access-group inside_access_out out interface inside
    route outside 0.0.0.0 0.0.0.0 10.10.10.73 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server MYDOMAIN protocol kerberos
    aaa-server MYDOMAIN (inside) host 192.168.2.8
    kerberos-realm MYDOMAIN.COM
    aaa-server MYDOMAIN (inside) host 192.168.2.9
    kerberos-realm MYDOMAIN.COM
    aaa-server MY-LDAP protocol ldap
    aaa-server MY-LDAP (inside) host 192.168.2.8
    ldap-base-dn DC=MYDOMAIN,DC=com
    ldap-group-base-dn DC=MYDOMAIN,DC=com
    ldap-scope subtree
    ldap-naming-attribute sAMAccountName
    ldap-login-password *****
    ldap-login-dn CN=SOMEUSER,CN=Users,DC=MYDOMAIN,DC=com
    server-type microsoft
    aaa-server MY-LDAP (inside) host 192.168.2.9
    ldap-base-dn DC=MYDOMAIN,DC=com
    ldap-group-base-dn DC=MYDOMAIN,DC=com
    ldap-scope subtree
    ldap-naming-attribute sAMAccountName
    ldap-login-password *****
    ldap-login-dn CN=SOMEUSER,CN=Users,DC=MYDOMAIN,DC=com
    server-type microsoft
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.2.0 255.255.255.0 inside
    http redirect outside 80
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment self
    email [email protected]
    subject-name CN=MYHOSTNAME
    ip-address 10.10.10.78
    proxy-ldc-issuer
    crl configure
    crypto ca certificate chain ASDM_TrustPoint0
    certificate e633854f
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside client-services port 443
    crypto ikev2 enable inside client-services port 443
    crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.2.0 255.255.255.0 inside
    telnet 192.168.1.0 255.255.255.0 management
    telnet timeout 20
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp server 192.168.2.8 source inside prefer
    ssl trust-point ASDM_TrustPoint0 inside
    ssl trust-point ASDM_TrustPoint0 outside
    webvpn
    enable outside
    enable inside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-3.0.5080-k9.pkg 1
    anyconnect profiles VPN_client_profile disk0:/VPN_client_profile.xml
    anyconnect enable
    tunnel-group-list enable
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol ikev1 l2tp-ipsec
    group-policy GroupPolicy_VPN internal
    group-policy GroupPolicy_VPN attributes
    wins-server value 192.168.2.8 192.168.2.9
    dns-server value 192.168.2.8 192.168.2.9
    vpn-filter value VPN_Split_Tunnel_List
    vpn-tunnel-protocol ikev2 ssl-client
    group-lock value VPN
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN_Split_Tunnel_List
    default-domain value MYDOMAIN.COM
    webvpn
      anyconnect profiles value VPN_client_profile type user
    group-policy GroupPolicy-VPN-LAPTOP internal
    group-policy GroupPolicy-VPN-LAPTOP attributes
    wins-server value 192.168.2.8 192.168.2.9
    dns-server value 192.168.2.8 192.168.2.9
    vpn-filter value VPN_Split_Tunnel_List
    vpn-tunnel-protocol ikev2
    group-lock value VPN-LAPTOP
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN_Split_Tunnel_List
    default-domain value MYDOMAIN.COM
    webvpn
      anyconnect profiles value VPN_client_profile type user
    tunnel-group VPN type remote-access
    tunnel-group VPN general-attributes
    authentication-server-group MYDOMAIN
    default-group-policy GroupPolicy_VPN
    dhcp-server 192.168.2.8
    dhcp-server 192.168.2.9
    dhcp-server 192.168.2.10
    tunnel-group VPN webvpn-attributes
    group-alias VPN enable
    tunnel-group VPN-LAPTOP type remote-access
    tunnel-group VPN-LAPTOP general-attributes
    authentication-server-group MY-LDAP
    default-group-policy GroupPolicy-VPN-LAPTOP
    dhcp-server 192.168.2.8
    dhcp-server 192.168.2.9
    dhcp-server 192.168.2.10
    tunnel-group VPN-LAPTOP webvpn-attributes
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    class class-default
      user-statistics accounting
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    hpm topN enable
    Cryptochecksum:951faceacf912d432fc228ecfcdffd3f

    Hi,
    As per your config:
    object network obj_any
    nat (inside,outside) dynamic interface
    object network Email
    nat (inside,outside) static 10.10.10.74 service tcp smtp smtp
    object network Webmail
    nat (inside,outside) static 10.10.10.74 service tcp www www
    object network WebmailSecure
    nat (inside,outside) static 10.10.10.74 service tcp https https
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-network
    subnet 192.168.2.0 255.255.255.0
    object network Email
    host 192.168.2.7
    object network Webmail
    host 192.168.2.16
    object network WebmailSecure
    host 192.168.2.16
    The flows from the email server (192.168.2.7) will be NATed to 10.10.10.74 only if the source port is TCP/25. Any other source port will use the interface IP for NAT.
    Are you saying that this is not happening?
    Dan
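
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of which source address a flow leaving the inside network gets under the quoted object NAT rules. The rule ordering is a simplification of ASA auto NAT ordering, and `parse`, `translate`, `PORTS` and the sample config layout are hypothetical names constructed for illustration.

```python
import ipaddress

# Constructed sample: the object NAT lines quoted in the reply (definitions first).
CONFIG = """\
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network Email
 host 192.168.2.7
object network Webmail
 host 192.168.2.16
object network obj_any
 nat (inside,outside) dynamic interface
object network Email
 nat (inside,outside) static 10.10.10.74 service tcp smtp smtp
object network Webmail
 nat (inside,outside) static 10.10.10.74 service tcp www www
"""
PORTS = {"smtp": 25, "www": 80}  # only the service names used in the sample


def parse(config):
    """Merge repeated 'object network NAME' stanzas into one dict per object."""
    objs, cur = {}, None
    for tok in map(str.split, config.splitlines()):
        if tok[:2] == ["object", "network"]:
            cur = objs.setdefault(tok[2], {})
        elif tok and tok[0] in ("host", "subnet"):
            cur["net"] = ipaddress.ip_network("/".join(tok[1:]))
        elif tok and tok[0] == "nat":
            cur["kind"], cur["mapped"] = tok[2], tok[3]
            if "service" in tok:  # service <proto> <real port> <mapped port>
                i = tok.index("service")
                cur["svc"] = (tok[i + 1], PORTS[tok[i + 2]], PORTS[tok[i + 3]])
    return objs


def translate(objs, src_ip, proto, src_port):
    """Return (mapped source address, mapped source port); None = PAT-chosen port."""
    ip = ipaddress.ip_address(src_ip)
    # Simplified ordering: static before dynamic, fewest real addresses first.
    rules = sorted((o for o in objs.values() if "kind" in o and ip in o["net"]),
                   key=lambda o: (o["kind"] != "static", o["net"].num_addresses))
    for r in rules:
        if r["kind"] == "dynamic":
            return r["mapped"], None
        svc = r.get("svc", (proto, src_port, src_port))
        if svc[:2] == (proto, src_port):  # static PAT covers only its real port
            return r["mapped"], svc[2]
    return src_ip, src_port  # no rule matched: untranslated
```

In this model a connection the mail server opens from an ephemeral source port falls through to the dynamic rule and leaves with the interface address, while traffic sourced from TCP/25 keeps 10.10.10.74.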
