Link to home
Start Free TrialLog in
Avatar of neowolf219
neowolf219Flag for United States of America

asked on

SMTP Relay in DMZ to Exchange 2000 ... PIX Config

hey everyone,

I am not sure if I hit the submit button, so I am going to post this question again.  

Can someone post a sample Pix config that allows traffic to flow from the outside to an SMTP relay in a DMZ, which forwards and sends traffic from an internal Exchange 2000 box.  Thanks.
Avatar of kristinaw
kristinaw
Flag of United States of America image

Do you already have a config in place? Do you have any access-lists already created? Basically, all you need to do is allow traffic on port 25 on the outside interface into your dmz to your smtp relay box. so, you'd have a statement that looks like this:

access-list 101 permit tcp any host 223.100.100.100 eq smtp

in the above example the IP address would be the real IP of the smtp relay box that resides in the DMZ.

You'd then have a line something like this:

access-group 101 in interface outside

In the above line, 'outside' is the name you have given to your outside interface, and 'in' is the direction the traffic is coming, so it's checked when it comes 'in' the interface.

You should also restrict access to what traverses the interface to the internal network, so you'd have similar statements restricting travel from your SMTP relay box to your exchange server.

hth,
kris.
ASKER CERTIFIED SOLUTION
Avatar of kristinaw
kristinaw
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of neowolf219

ASKER

Thanks kris.  I just had a brain fart, and forgot all about allowing the traffic for the smtp relay to the internal network.  

np. glad to help.
kris.