Solved

How do I terminate mail SSL (993) and forward to internal mail server with Cisco PIX 501

Posted on 2009-07-10
2
483 Views
Last Modified: 2012-05-07
Hello,

I wish to install a certificate for my mail server on our firewall, and have SSL terminate there. This way the DN of the certificate will match the IP of the firewall, which is aliased to our email server. The CISCO PIX firewall then should forward the connection to the mail server (143).

(Internet)                                             (Firewall)                                      (Internal System)
IMAP Client --------993/imaps -------> [Cisco PIX]---------143/imap---------->mail server

Is this possible?

What is the configuration for the certificate and root Certificate? What are the settings for forwarding the packets after SSL is terminated?


TIA!
0
Comment
Question by:wbathurs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 24829785
As far as I know. PIX can't do TLS Reverse Proxy. All you can do is NAT/PAT the inbound connection to the secure port on the inside server.
0
 

Author Closing Comment

by:wbathurs
ID: 31602380
No good suggestions around the issue
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question