We have a Cisco ASA 5505 with 3 interfaces: outside, inside, dmz. I am trying to set it up to forward mail traffic (port 25) to the DMZ but POP3 and IMAP to go directly to our Exchange server.
The outside IP for mail (including POP3 and IMAP) is 10.10.10.2, for example. The mail server in the DMZ is 192.168.2.11 and the Exchange server in the inside is 192.168.1.12.
I have the following entries:
access-list outside_in extended permit tcp any host 10.10.10.2 eq 25
access-list outside_in extended permit tcp any host 10.10.10.2 eq 110
access-list outside_in extended permit tcp any host 10.10.10.2 eq 143
Then for static:
static (inside,outside) tcp 10.10.10.2 pop3 192.168.1.12 pop3 netmask 255.255.255.255
static (inside,outside) tcp 10.10.10.2 imap4 192.168.1.12 imap4 netmask 255.255.255.255
static (dmz,outside) tcp 10.10.10.2 smtp 192.168.2.11 smtp netmask 255.255.255.255
When I enter this last static command I get the following warning:
WARNING: mapped-address conflict with existing static TCP inside:192.168.1.12/110 to outside: 10.10.10.2/110 netmask 255.255.255.0
WARNING: mapped-address conflict with existing static TCP inside:192.168.1.12/143 to outside: 10.10.10.2/143 netmask 255.255.255.0
I do not know why it is giving me this warning as it is a different port translation. Mail still flows OK as far as I can tell but I am worried this will have hidden consequences. Can anyone shed some light on this warning? Thanks.
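
One way to cross-check the entries above, added here as an example and not part of the original post: this Python script parses the post's access-list and static lines, lists each outside port with the host it maps to, and compares the permits against the translations. The collision rule it applies (same mapped interface, protocol, address and port pointing at different real hosts) is the example's own definition, not a statement of how the ASA decides to print its warning; the function and variable names are assumptions.

```python
import re

# Config lines copied from the post above (static PAT syntax as posted).
CONFIG = """\
access-list outside_in extended permit tcp any host 10.10.10.2 eq 25
access-list outside_in extended permit tcp any host 10.10.10.2 eq 110
access-list outside_in extended permit tcp any host 10.10.10.2 eq 143
static (inside,outside) tcp 10.10.10.2 pop3 192.168.1.12 pop3 netmask 255.255.255.255
static (inside,outside) tcp 10.10.10.2 imap4 192.168.1.12 imap4 netmask 255.255.255.255
static (dmz,outside) tcp 10.10.10.2 smtp 192.168.2.11 smtp netmask 255.255.255.255
"""

# Keyword-to-port map limited to the service names used in this config.
PORT_NAMES = {"smtp": 25, "pop3": 110, "imap4": 143}

STATIC_RE = re.compile(
    r"static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask (\S+)")
ACL_RE = re.compile(
    r"access-list \S+ extended permit (tcp|udp) any host (\S+) eq (\S+)")

def port(token):
    """Accept either a service keyword or a numeric port."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit(config):
    """Return (translations, collisions, unpermitted, unused_permits)."""
    translations, collisions, permits = {}, [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port, _ = m.groups()
            key = (mapped_if, proto, m_ip, port(m_port))
            target = (real_if, r_ip, port(r_port))
            # Same mapped socket pointing at a different real host: a real overlap.
            if key in translations and translations[key] != target:
                collisions.append((key, translations[key], target))
            translations[key] = target
        elif m := ACL_RE.match(line):
            proto, ip, p = m.groups()
            permits.add((proto, ip, port(p)))
    exposed = {(proto, ip, p) for (_, proto, ip, p) in translations}
    # Translations with no permit, and permits with no translation behind them.
    return translations, collisions, sorted(exposed - permits), sorted(permits - exposed)

if __name__ == "__main__":
    for item in audit(CONFIG):
        print(item)
```
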