Solved

SMTP Relay in DMZ to Exchange 2000 ... PIX Config

Posted on 2004-03-23
4
459 Views
Last Modified: 2010-03-05
hey everyone,

I am not sure if I hit the submit button, so I am going to post this question again.  

Can someone post a sample Pix config that allows traffic to flow from the outside to an SMTP relay in a DMZ, which forwards and sends traffic from an internal Exchange 2000 box.  Thanks.
0
Comment
Question by:neowolf219
  • 3
4 Comments
 
LVL 22

Expert Comment

by:kristinaw
ID: 10658666
Do you already have a config in place? Do you have any access-lists already created? Basically, all you need to do is allow traffic on port 25 on the outside interface into your dmz to your smtp relay box. so, you'd have a statement that looks like this:

access-list 101 permit tcp any host 223.100.100.100 eq smtp

in the above example the IP address would be the real IP of the smtp relay box that resides in the DMZ.

You'd then have a line something like this:

access-group 101 in interface outside

In the above line, 'outside' is the name you have given to your outside interface, and 'in' is the direction the traffic is coming, so it's checked when it comes 'in' the interface.

You should also restrict access to what traverses the interface to the internal network, so you'd have similar statements restricting travel from your SMTP relay box to your exchange server.

hth,
kris.
0
 
LVL 22

Accepted Solution

by:
kristinaw earned 500 total points
ID: 10658737
to clarify, you'd also have something like the following to restrict the traffic from the DMZ to the internal network:

access-list 102 permit tcp host 223.100.100.100 host 10.10.10.10 eq smtp

you'd then apply the access list to the interface, possibly as follows:

access-group 102 out interface inside

again, the above line assumes your internal int is name 'inside'. you'll need to modify this to fit your environment.

kris.
0
 
LVL 3

Author Comment

by:neowolf219
ID: 10662007
Thanks kris.  I just had a brain fart, and forgot all about allowing the traffic for the smtp relay to the internal network.  

0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10662271
np. glad to help.
kris.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now