?
Solved

ASA 5510 DMZ

Posted on 2008-11-16
2
Medium Priority
?
757 Views
Last Modified: 2012-05-05
I have an ASA 5510 with a DMZ question.  DMZ is set up and works for outbound any to any less secure and also inbound https to a dmz host.  I need to allow a host in the DMZ to access our internal mail server (smtp) on the inside.  When I add the access list to allow the host in the DMZ to contact inside mail server it removes the any to any less secure and stops outbound access to the internet from the DMZ.  
My question is how to allow this again?  I tried an ACL on DMZ incoming for DMZ hosts to outside but that did not work.  I know if I add ACL to allow DMZ hosts to any it allows this but also appears to allow access to the inside for any traffic.  Do I need to create access lists for the inside interface in outgoing direction to allow smtp from dmz host and then block everything else?   This seems like it would work but seems like a round about way of doing this so I thought I should ask.

Thanks.
0
Comment
Question by:PaulSand
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 400 total points
ID: 22971402
The acl would look something like this:

access-list dmz_acl permit tcp host <dmz host ip> host <inside mail server ip> eq 25
access-list dmz_acl deny ip host <dmz host ip> <inside LAN subnet> <mask>
access-list dmz_acl permit ip any any
global (dmz) 1 interface

0
 

Author Closing Comment

by:PaulSand
ID: 31517242
Thank you Irmoore.  I had a feeling I was missing something obvious.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question