<div>
Thank you Irmoore. &nbsp;I had a feeling I was missing something obvious.
</div>


Thank you Irmoore.  I had a feeling I was missing something obvious.

<div>
<div class="content wysiwyg-content">
I have an ASA 5510 with a DMZ question. &nbsp;DMZ is set up and works for outbound any to any less secure and also inbound https to a dmz host. &nbsp;I need to allow a host in the DMZ to access our internal mail server (smtp) on the inside. &nbsp;When I add the access list to allow the host in the DMZ to contact inside mail server it removes the any to any less secure and stops outbound access to the internet from the DMZ. &nbsp;<br />
My question is how to allow this again? &nbsp;I tried an ACL on DMZ incoming for DMZ hosts to outside but that did not work. &nbsp;I know if I add ACL to allow DMZ hosts to any it allows this but also appears to allow access to the inside for any traffic. &nbsp;Do I need to create access lists for the inside interface in outgoing direction to allow smtp from dmz host and then block everything else? &nbsp; This seems like it would work but seems like a round about way of doing this so I thought I should ask.<br />
<br />
Thanks.
</div>
</div>


I have an ASA 5510 with a DMZ question.  DMZ is set up and works for outbound any to any less secure and also inbound https to a dmz host.  I need to allow a host in the DMZ to access our internal mail server (smtp) on the inside.  When I add the access list to allow the host in the DMZ to contact inside mail server it removes the any to any less secure and stops outbound access to the internet from the DMZ.  
My question is how to allow this again?  I tried an ACL on DMZ incoming for DMZ hosts to outside but that did not work.  I know if I add ACL to allow DMZ hosts to any it allows this but also appears to allow access to the inside for any traffic.  Do I need to create access lists for the inside interface in outgoing direction to allow smtp from dmz host and then block everything else?   This seems like it would work but seems like a round about way of doing this so I thought I should ask.

Thanks.

ASA 5510 DMZ

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.