I have a 5520 (v8.2, ASDM v6.4) with 3 network legs: Internal, DMZ, External. External has a range of addresses and is the outgoing NAT pool. I have a mail transport server in the DMZ that has to accept inbound SMTP and a web server in one subnet of the Internal range which hosts an HTTPS site. For the WAN I’m connected to (not the Web), DNS points both SMTP and HTTPS requests at the first IP in our external’s range, and that can’t change.
ACL rules for allowing inbound traffic for ports 25 and 443 to the External IP interface are in place, but the NAT/PAT options to get the inbound traffic to get to the right subnet/interface have got me. I’ve tried various options, but in each case, the second rule submission generates a failure regarding conflicts since the Ext IP already has 1 NAT statement in place.
Obviously I’ve missed something simple; somebody care to be kind to an old man?