>>>packet-tracer input outside tcp ххх.ххх.ххх.215 25 ххх.ххх.ххх.210 25
>
>Посмотрела, что у Вас адрес xxx.xxx.xxx.210 -- это адрес outside интрфейса:
>ip address outside xxx.xxx.xxx.210 255.255.255.224
>
>То есть Вы главное согласуйте правила статик нат и ACL Вроде согласовал
access-list 101 extended permit tcp any host ххх.ххх.ххх.210 eq smtp
access-group 101 in interface outside
static (intf2,outside) tcp interface smtp 10.10.10.200 smtp netmask 255.255.255.
255
вот результат трэйсинга, в нем опять в фазе 2
NAT divert to egress interface Ethernet2
Untranslate xxx.xxx.xxx.210/25 to 10.10.10.200/25 using netmask 255.255.255.255
хотя дальше все вроде проходит и экшен в конце Allow но соединение все равно не устанавливается
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (intf2,outside) tcp interface smtp 10.10.10.200 smtp netmask 255.255.255.
255
nat-control
match tcp intf2 host 10.10.10.200 eq 25 outside any
static translation to xxx.xxx.xxx.210/25
translate_hits = 0, untranslate_hits = 19
Additional Information:
NAT divert to egress interface Ethernet2
Untranslate xxx.xxx.xxx.210/25 to 10.10.10.200/25 using netmask 255.255.255.255
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group 101 in interface outside
access-list 101 extended permit tcp any host xxx.xxx.xxx.210 eq smtp
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: inspect-smtp
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect esmtp _default_esmtp_map
service-policy global_policy global
Additional Information:
Phase: 6
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (intf2,outside) tcp interface smtp 10.10.10.200 smtp netmask 255.255.255.
255
nat-control
match tcp intf2 host 10.10.10.200 eq 25 outside any
static translation to xxx.xxx.xxx.210/25
translate_hits = 0, untranslate_hits = 19
Additional Information:
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (intf2,outside) tcp interface smtp 10.10.10.200 smtp netmask 255.255.255.
255
nat-control
match tcp intf2 host 10.10.10.200 eq 25 outside any
static translation to xxx.xxx.xxx.210/25
translate_hits = 0, untranslate_hits = 19
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 133, packet dispatched to next module
Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 10.10.10.200 using egress ifc Ethernet2
adjacency Active
next-hop mac address 0010.5a3b.5138 hits 10
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: intf2
output-status: up
output-line-status: up
Action: allow