Solved

SMTP Relay in DMZ to Exchange 2000 ... PIX Config

Posted on 2004-03-23
4
465 Views
Last Modified: 2010-03-05
hey everyone,

I am not sure if I hit the submit button, so I am going to post this question again.  

Can someone post a sample Pix config that allows traffic to flow from the outside to an SMTP relay in a DMZ, which forwards and sends traffic from an internal Exchange 2000 box.  Thanks.
0
Comment
Question by:neowolf219
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 22

Expert Comment

by:kristinaw
ID: 10658666
Do you already have a config in place? Do you have any access-lists already created? Basically, all you need to do is allow traffic on port 25 on the outside interface into your dmz to your smtp relay box. so, you'd have a statement that looks like this:

access-list 101 permit tcp any host 223.100.100.100 eq smtp

in the above example the IP address would be the real IP of the smtp relay box that resides in the DMZ.

You'd then have a line something like this:

access-group 101 in interface outside

In the above line, 'outside' is the name you have given to your outside interface, and 'in' is the direction the traffic is coming, so it's checked when it comes 'in' the interface.

You should also restrict access to what traverses the interface to the internal network, so you'd have similar statements restricting travel from your SMTP relay box to your exchange server.

hth,
kris.
0
 
LVL 22

Accepted Solution

by:
kristinaw earned 500 total points
ID: 10658737
to clarify, you'd also have something like the following to restrict the traffic from the DMZ to the internal network:

access-list 102 permit tcp host 223.100.100.100 host 10.10.10.10 eq smtp

you'd then apply the access list to the interface, possibly as follows:

access-group 102 out interface inside

again, the above line assumes your internal int is name 'inside'. you'll need to modify this to fit your environment.

kris.
0
 
LVL 3

Author Comment

by:neowolf219
ID: 10662007
Thanks kris.  I just had a brain fart, and forgot all about allowing the traffic for the smtp relay to the internal network.  

0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10662271
np. glad to help.
kris.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question