This question was opened due to the question below.
I need to configure the DMZ with web and Exchange 2003 with the PIX.
PIX ------ DMZ, where I want to put the web server and FTP server and use port redirection
Private Lan(inside) with Active Directory DC, and DNS, "EXCHANGE 2003"
Two public IPs: one for F/0 and one for the PIX outside. Please help with the config below.
ip address outside public_ip
ip address inside 192.168.10.1 255.255.255.0
ip address dmz 172.16.10.1 255.255.255.0 ????? Is this subnet right
object-group service Web_Mail_Server tcp
Port-object eq www
Port-object eq https
Port-object eq ftp
Port-object eq email
access-list outside_in permit tcp any any object-group Web_Mail_Server
access-list outside_in deny ip any any
access-group outside_in in interface outside
access-list dmz_in permit ip any host 172.16.10.2 ?? or more restrictive
access-list dmz_in deny ip any any
access-list no_nat permit ip 192.168.10.0 255.255.255.0 host 172.16.20.2
nat (inside) 0 access-list no_nat
nat (inside) 2 0 0
nat (dmz) 2 0 0 ??? Do I need this
static (dmz, outside) tcp interface www 172.16.10.2 www
static (dmz, outside) tcp interface ftp 172.16.10.2 ftp
static (inside, outside) tcp interface smtp 192.168.10.2 smtp
static (inside, outside) tcp interface https 192.168.10.2 https ??? How would I redirect https for OWA?
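
An added example, not part of the original post: a short Python check that cross-references the addresses in a PIX config of this shape against the interface subnets and flags permit entries with an unrestricted destination. The sample is constructed from lines of the post (placeholder public address and inline questions left out); the function names and the three checks are assumptions of this example, not PIX features.

```python
import ipaddress
import re

# Constructed sample: a subset of the lines from the post, with the
# placeholder public address and the inline questions left out.
SAMPLE = """\
ip address inside 192.168.10.1 255.255.255.0
ip address dmz 172.16.10.1 255.255.255.0
access-list outside_in permit tcp any any object-group Web_Mail_Server
access-list outside_in deny ip any any
access-list dmz_in permit ip any host 172.16.10.2
access-list no_nat permit ip 192.168.10.0 255.255.255.0 host 172.16.20.2
static (dmz, outside) tcp interface www 172.16.10.2 www
static (inside, outside) tcp interface smtp 192.168.10.2 smtp
"""

def interface_networks(config):
    """Map interface name -> network from 'ip address <if> <ip> <mask>' lines."""
    nets = {}
    for m in re.finditer(r"^ip address (\S+) (\d\S+) (\d\S+)", config, re.M):
        nets[m.group(1)] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
    return nets

def audit(config):
    """Return (line, finding) pairs for the three checks below."""
    nets = interface_networks(config)
    findings = []
    for line in config.splitlines():
        # 1. permit entries whose source and destination are both 'any'
        if re.match(r"access-list \S+ permit \S+ any any\b", line):
            findings.append((line, "permit to any destination"))
        # 2. 'host <ip>' operands that sit on no configured interface subnet
        for ip in re.findall(r"\bhost (\d+\.\d+\.\d+\.\d+)", line):
            if not any(ipaddress.ip_address(ip) in n for n in nets.values()):
                findings.append((line, f"host {ip} is on no interface subnet"))
        # 3. static port redirects whose real address is outside the named interface
        m = re.match(r"static \((\w+), *\w+\) tcp interface \S+ (\d\S+) \S+", line)
        if m and m.group(1) in nets and ipaddress.ip_address(m.group(2)) not in nets[m.group(1)]:
            findings.append((line, f"{m.group(2)} is not on {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"{finding}: {line}")
```

On the sample it reports the outside_in permit entry, which allows the listed ports to every translated host rather than only the redirected ones, and the no_nat entry, whose host address is not in the 172.16.10.0/24 DMZ subnet.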