Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SMTP Relay in DMZ to Exchange 2000 ... PIX Config

Posted on 2004-03-23
4
Medium Priority
?
467 Views
Last Modified: 2010-03-05
hey everyone,

I am not sure if I hit the submit button, so I am going to post this question again.  

Can someone post a sample Pix config that allows traffic to flow from the outside to an SMTP relay in a DMZ, which forwards and sends traffic from an internal Exchange 2000 box.  Thanks.
0
Comment
Question by:neowolf219
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 22

Expert Comment

by:kristinaw
ID: 10658666
Do you already have a config in place? Do you have any access-lists already created? Basically, all you need to do is allow traffic on port 25 on the outside interface into your dmz to your smtp relay box. so, you'd have a statement that looks like this:

access-list 101 permit tcp any host 223.100.100.100 eq smtp

in the above example the IP address would be the real IP of the smtp relay box that resides in the DMZ.

You'd then have a line something like this:

access-group 101 in interface outside

In the above line, 'outside' is the name you have given to your outside interface, and 'in' is the direction the traffic is coming, so it's checked when it comes 'in' the interface.

You should also restrict access to what traverses the interface to the internal network, so you'd have similar statements restricting travel from your SMTP relay box to your exchange server.

hth,
kris.
0
 
LVL 22

Accepted Solution

by:
kristinaw earned 2000 total points
ID: 10658737
to clarify, you'd also have something like the following to restrict the traffic from the DMZ to the internal network:

access-list 102 permit tcp host 223.100.100.100 host 10.10.10.10 eq smtp

you'd then apply the access list to the interface, possibly as follows:

access-group 102 out interface inside

again, the above line assumes your internal int is name 'inside'. you'll need to modify this to fit your environment.

kris.
0
 
LVL 3

Author Comment

by:neowolf219
ID: 10662007
Thanks kris.  I just had a brain fart, and forgot all about allowing the traffic for the smtp relay to the internal network.  

0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10662271
np. glad to help.
kris.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question