Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SMTP Relay in DMZ to Exchange 2000 ... PIX Config

Posted on 2004-03-23
4
463 Views
Last Modified: 2010-03-05
hey everyone,

I am not sure if I hit the submit button, so I am going to post this question again.  

Can someone post a sample Pix config that allows traffic to flow from the outside to an SMTP relay in a DMZ, which forwards and sends traffic from an internal Exchange 2000 box.  Thanks.
0
Comment
Question by:neowolf219
  • 3
4 Comments
 
LVL 22

Expert Comment

by:kristinaw
ID: 10658666
Do you already have a config in place? Do you have any access-lists already created? Basically, all you need to do is allow traffic on port 25 on the outside interface into your dmz to your smtp relay box. so, you'd have a statement that looks like this:

access-list 101 permit tcp any host 223.100.100.100 eq smtp

in the above example the IP address would be the real IP of the smtp relay box that resides in the DMZ.

You'd then have a line something like this:

access-group 101 in interface outside

In the above line, 'outside' is the name you have given to your outside interface, and 'in' is the direction the traffic is coming, so it's checked when it comes 'in' the interface.

You should also restrict access to what traverses the interface to the internal network, so you'd have similar statements restricting travel from your SMTP relay box to your exchange server.

hth,
kris.
0
 
LVL 22

Accepted Solution

by:
kristinaw earned 500 total points
ID: 10658737
to clarify, you'd also have something like the following to restrict the traffic from the DMZ to the internal network:

access-list 102 permit tcp host 223.100.100.100 host 10.10.10.10 eq smtp

you'd then apply the access list to the interface, possibly as follows:

access-group 102 out interface inside

again, the above line assumes your internal int is name 'inside'. you'll need to modify this to fit your environment.

kris.
0
 
LVL 3

Author Comment

by:neowolf219
ID: 10662007
Thanks kris.  I just had a brain fart, and forgot all about allowing the traffic for the smtp relay to the internal network.  

0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10662271
np. glad to help.
kris.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question