ok here is the problem if i use
ip nat inside source static tcp 10.0.20.2 25 xxx.xxx.xxx.162 25 extendable
it ends up as .161 when the email server sends and if use
ip nat inside source static 10.0.20.2 xxx.xxx.xxx.162
then i can't see the server at from the other site on the private ip ie can't ping ip from 10.16.0.5 can i do this so that i can still see it from site B 10.16.0.xxx on private range while the getting the smtp to still work.
here is the config...
crypto isakmp policy 20 encr 3des authentication pre-share group 2 crypto isakmp key sharedkey address xxx.xxx.xxx.17 ! ! crypto ipsec transform-set tr-esp-3des esp-3des esp-md5-hmac ! crypto map gateway 10 ipsec-isakmp set peer xxx.xxx.xxx.17 set transform-set tr-esp-3des match address 101 ! ! ! ! interface Ethernet0 ip address 10.0.20.1 255.255.255.0 ip access-group 107 in ip nat inside ip tcp adjust-mss 1452 no ip mroute-cache hold-queue 100 out ! ! interface ATM0 no ip address ip nat outside no ip mroute-cache atm vc-per-vp 64 no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface Dialer1 ip address xxx.xxx.xxx.161 255.255.255.252 ip mtu 1492 ip nat outside encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 ppp authentication chap callin ppp chap hostname ispusername ppp chap password isppassword crypto map gateway ! ip nat inside source route-map nonat interface Dialer1 overload
ip nat inside source static tcp 10.0.20.2 25 xxx.xxx.xxx.162 25 extendable ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ! access-list 101 permit ip 10.0.20.0 0.0.0.255 10.16.0.0 0.0.0.255 access-list 105 deny ip 10.0.20.0 0.0.0.255 10.16.0.0 0.0.0.255 access-list 105 permit ip 10.0.20.0 0.0.0.255 any access-list 107 permit ip any any log dialer-list 1 protocol ip permit route-map nonat permit 10 match ip address 105 ! !