04-01-2013 06:25 AM
I'm having some problems with my Aruba W-3500 and dst-nat rules and was wondering if anyone has any ideas.
I have created a access policy to redirect all tcp port 25 traffic to a external destination email server i have. bascailly i'm trying to setup a SMTP redirect.
I have 3 VLANs configuration my controller.
Staff - 10.4.0.0/24 VLAN 10
Wireless Free - 10.21.4.0/22 VLAN 60
Wireless Paid - 10.20.4.0/22 VLAN 70
Bascially the issue i am having is that the dst-nat rule works and traffic is being re-directed to my external SMTP server, but it is being redirected on the wrong VLAN and my rounter then rejects the traffic.
It seems to either redirect using VLAN 10 or VLAN 70. If i am connected to VLAN 10 and try to connect to an SMTP server i am succesfully re-directed an am able to connect. If i try from my Wireless VLAN the controller redirects my traffic but on VLAN 10 and my rounter then rejects it.
Does anyone have any ideas on what is happening here and why the controller is doing this ?
Solved! Go to Solution.
04-01-2013 06:36 AM
It would be helpful to show the portion of your policy that is doing the DST-NAT.
Alternatively, if you want all the SMTP traffic to route via a particular IP, then I'd suggest you use the DUAL-NAT option. It allows DST-NAT and SRC-NAT in the same policy. For example:
First create your dual-nat pool:
ip nat pool <name.of.your.pool> <beg.src.nat.ip> <end.src.nat.ip> <dst.nat.ip.address>
Then use the dual-nat pool in your policy:
user any svc-smtp dual-nat pool <name.of.your.pool> 25
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX