PaulSand
asked on
ASA 5510 DMZ
I have an ASA 5510 with a DMZ question. DMZ is set up and works for outbound any to any less secure and also inbound https to a dmz host. I need to allow a host in the DMZ to access our internal mail server (smtp) on the inside. When I add the access list to allow the host in the DMZ to contact inside mail server it removes the any to any less secure and stops outbound access to the internet from the DMZ.
My question is how to allow this again? I tried an ACL on DMZ incoming for DMZ hosts to outside but that did not work. I know if I add ACL to allow DMZ hosts to any it allows this but also appears to allow access to the inside for any traffic. Do I need to create access lists for the inside interface in outgoing direction to allow smtp from dmz host and then block everything else? This seems like it would work but seems like a roundabout way of doing this so I thought I should ask.
Thanks.
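The behaviour described in the question, as an added ASA configuration example that is not part of the original post or of any answer on this page: the SMTP-only ACL next to an ordered ACL on the DMZ interface. The interface name, ACL name and all addresses are constructed assumptions, and it assumes translation between the dmz and inside interfaces is already in place so the mail server is reachable from the DMZ at the address shown.

```cisco
! Constructed values (assumptions, not from the question):
!   DMZ host 192.168.50.10, inside mail server 10.10.10.25,
!   inside network 10.10.10.0/24, interface nameif "dmz", ACL name DMZ_IN.
!
! ACL as described in the question (shown commented out). Once any ACL is
! bound inbound on the dmz interface, the implicit "higher to lower security
! level" permit no longer applies. Traffic that matches no entry falls
! through to the implicit deny at the end of the ACL, so Internet-bound
! traffic from the DMZ stops.
!
!   access-list DMZ_IN extended permit tcp host 192.168.50.10 host 10.10.10.25 eq smtp
!   (implicit deny ip any any)
!
! Ordered ACL. Entries are evaluated top down and the first match wins:
!   1. permit only the one DMZ host to the mail server on SMTP
!   2. deny everything else from the DMZ toward the inside network
!   3. permit the remaining traffic, which is now outbound only
access-list DMZ_IN extended permit tcp host 192.168.50.10 host 10.10.10.25 eq smtp
access-list DMZ_IN extended deny ip any 10.10.10.0 255.255.255.0
access-list DMZ_IN extended permit ip any any
access-group DMZ_IN in interface dmz
!
! Checks from the ASA CLI (exec mode, not configuration lines).
! Expect "allow" for SMTP to the mail server:
!   packet-tracer input dmz tcp 192.168.50.10 1025 10.10.10.25 25
! Expect "drop" for any other port or host on the inside network:
!   packet-tracer input dmz tcp 192.168.50.10 1025 10.10.10.25 445
! Hit counters per entry confirm which line matched:
!   show access-list DMZ_IN
```

If more than one inside network exists, each one needs its own deny entry ahead of the final permit, otherwise the broad permit reaches it.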