ASA 5510 DMZ

I have an ASA 5510 with a DMZ question. DMZ is set up and works for outbound any to any less secure and also inbound https to a DMZ host. I need to allow a host in the DMZ to access our internal mail server (smtp) on the inside. When I add the access list to allow the host in the DMZ to contact the inside mail server it removes the any to any less secure and stops outbound access to the internet from the DMZ.
My question is how to allow this again? I tried an ACL on DMZ incoming for DMZ hosts to outside but that did not work. I know if I add an ACL to allow DMZ hosts to any it allows this but also appears to allow access to the inside for any traffic. Do I need to create access lists for the inside interface in the outgoing direction to allow smtp from the DMZ host and then block everything else? This seems like it would work but seems like a roundabout way of doing this so I thought I should ask.

Thanks.
PaulSand Asked:
lrmoore Commented:
The acl would look something like this:

access-list dmz_acl permit tcp host <dmz host ip> host <inside mail server ip> eq 25
access-list dmz_acl deny ip host <dmz host ip> <inside LAN subnet> <mask>
access-list dmz_acl permit ip any any
global (dmz) 1 interface

PaulSand Author Commented:
Thank you lrmoore.  I had a feeling I was missing something obvious.
Question has a verified solution.
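
The first-match behaviour behind the question and lrmoore's ACL, as an added example that is not part of the original thread: a small Python model of top-down ACL evaluation with the implicit deny, run against the three ACL variants discussed. The addresses are constructed, and the model covers only the ACL decision on the DMZ interface (not NAT or security levels).

```python
import ipaddress

# Constructed addressing for illustration; the thread uses placeholders instead.
DMZ_HOST, OTHER_DMZ = "192.168.50.10", "192.168.50.11"
MAIL_SRV, INSIDE_PC = "10.0.0.25", "10.0.0.50"
INSIDE_NET, ANY, WEB = "10.0.0.0/24", "0.0.0.0/0", "203.0.113.80"

def ace(action, proto, src, dst, port=None):
    """One access-list entry; a bare address is treated as a host (/32)."""
    return (action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)

def evaluate(acl, proto, src, dst, port):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto in ("ip", proto) and s in a_src and d in a_dst \
                and a_port in (None, port):
            return action
    return "deny"

SMTP = ace("permit", "tcp", DMZ_HOST, MAIL_SRV, 25)
ACLS = {
    # Only the SMTP permit: everything else hits the implicit deny.
    "smtp_only": [SMTP],
    # SMTP permit plus permit any: the inside subnet is matched by "any" too.
    "smtp_then_any": [SMTP, ace("permit", "ip", ANY, ANY)],
    # Ordering from the answer: permit SMTP, deny the inside subnet, permit the rest.
    "answer": [SMTP, ace("deny", "ip", DMZ_HOST, INSIDE_NET),
               ace("permit", "ip", ANY, ANY)],
}
FLOWS = {
    "smtp_to_mail": ("tcp", DMZ_HOST, MAIL_SRV, 25),
    "https_to_internet": ("tcp", DMZ_HOST, WEB, 443),
    "file_share_to_inside": ("tcp", DMZ_HOST, INSIDE_PC, 445),
    "other_dmz_to_inside": ("tcp", OTHER_DMZ, INSIDE_PC, 445),
}

def verdicts(acl_name):
    """Return the ACL decision for every sample flow under the named ACL."""
    return {name: evaluate(ACLS[acl_name], *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name in ACLS:
        print(name, verdicts(name))
```

As modelled, the `deny` line names a single DMZ host, so traffic from a second DMZ host toward the inside subnet falls through to `permit ip any any` at the ACL stage.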
