Solved

SMTP Relay in DMZ to Exchange 2000 ... PIX Config

Posted on 2004-03-23
4
460 Views
Last Modified: 2010-03-05
hey everyone,

I am not sure if I hit the submit button, so I am going to post this question again.  

Can someone post a sample Pix config that allows traffic to flow from the outside to an SMTP relay in a DMZ, which forwards and sends traffic from an internal Exchange 2000 box.  Thanks.
0
Comment
Question by:neowolf219
  • 3
4 Comments
 
LVL 22

Expert Comment

by:kristinaw
ID: 10658666
Do you already have a config in place? Do you have any access-lists already created? Basically, all you need to do is allow traffic on port 25 on the outside interface into your dmz to your smtp relay box. so, you'd have a statement that looks like this:

access-list 101 permit tcp any host 223.100.100.100 eq smtp

in the above example the IP address would be the real IP of the smtp relay box that resides in the DMZ.

You'd then have a line something like this:

access-group 101 in interface outside

In the above line, 'outside' is the name you have given to your outside interface, and 'in' is the direction the traffic is coming, so it's checked when it comes 'in' the interface.

You should also restrict access to what traverses the interface to the internal network, so you'd have similar statements restricting travel from your SMTP relay box to your exchange server.

hth,
kris.
0
 
LVL 22

Accepted Solution

by:
kristinaw earned 500 total points
ID: 10658737
to clarify, you'd also have something like the following to restrict the traffic from the DMZ to the internal network:

access-list 102 permit tcp host 223.100.100.100 host 10.10.10.10 eq smtp

you'd then apply the access list to the interface, possibly as follows:

access-group 102 out interface inside

again, the above line assumes your internal int is name 'inside'. you'll need to modify this to fit your environment.

kris.
0
 
LVL 3

Author Comment

by:neowolf219
ID: 10662007
Thanks kris.  I just had a brain fart, and forgot all about allowing the traffic for the smtp relay to the internal network.  

0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10662271
np. glad to help.
kris.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cannot send E-mails to one company 15 55
Exchange 2016 update stuck at 0% 9 24
Exchange 2013 no Outlook, OWA, ECP Access for any user 3 97
Doubt. 2 53
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now