On a newly configured Cisco firewall (using the UC520), I need to configure rules for a mail server.

- SMTP server (for incoming email)
- RPC over HTTP (Outlook Anywhere)
- OWA publishing (publish)
- ActiveSync (for mobile devices)

I have access to the firewall using serial cable.

Using sample a) external and internal IPs, b) WAN and LAN ports, c) domain names, can someone help with the command lines for this?
Vito_Corleone Commented:
Ok, so you also need Static NAT statements. Do you have multiple public IPs to use? Here is a sample:

ip nat inside source static tcp <inside IP> <inside port> <outside IP or interface> <outside port>

ip nat inside source static tcp 8081 8081
ip nat inside source static tcp 3389 interface fa0/0 3389

If you have multiple publics, you could do 1:1 NAT like this:
ip nat inside source static <inside IP> <outside IP>
ip nat inside source static
ip nat inside source static

Then you would allow these protocols in the OUTSIDE_IN ACL.

If you need more, please provide more information or a more detailed description.

Please upload a blank config so we can verify ports and syntax.
whocaresaboutit (Author) Commented:
It's a UC520... so, because it's both data and phones, the basic config is veeeery lengthy...
You said firewall, so are you using CBAC? If so, here's a sample config:
ip access-list extended OUTSIDE_IN
 deny   ip host any
 deny   ip any
 deny   ip any
 deny   ip any
 deny   ip any
 deny   ip any
 deny   ip any
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 deny   ip any any
ip inspect name INBOUND smtp
ip inspect name INBOUND ftp
ip inspect name INBOUND tcp
ip inspect name INBOUND udp
ip inspect name INBOUND icmp
ip inspect name INBOUND rpc
interface Fa0/0
 desc Outside Interface
 ip inspect INBOUND out

This gives you an ACL blocking nearly everything inbound, which you would modify to allow the ports you will be using. It then has a CBAC (inspect) config to watch the traffic going out and open the incoming ports it will need. You can use CBAC to match various traffic; it will depend mostly on your IOS version.
whocaresaboutit (Author) Commented:
Something seems to be missing though. This goes as far as allowing inbound traffic for those protocols.

We need to route all of those requests to the mail server sitting behind the firewall, right?
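
How the static NAT entries and the OUTSIDE_IN ACL from the replies above fit together for the mail server, as an added example that is not from any poster in this thread. The addresses (192.168.10.10 inside, 192.0.2.10 public) are constructed placeholders, and Vlan1 as the inside interface is an assumption.

```cisco
! Added example; every address below is a constructed placeholder.
!   192.168.10.10 = mail server on the inside
!   192.0.2.10    = public IP used to publish it
! Fa0/0 is the outside interface as in the thread; Vlan1 as inside is assumed.
!
! Publish only the two ports the listed services need:
!   25  = inbound SMTP
!   443 = OWA, Outlook Anywhere (RPC over HTTPS) and ActiveSync
ip nat inside source static tcp 192.168.10.10 25 192.0.2.10 25
ip nat inside source static tcp 192.168.10.10 443 192.0.2.10 443
!
! With a single public IP, reference the outside interface instead:
!  ip nat inside source static tcp 192.168.10.10 25 interface FastEthernet0/0 25
!  ip nat inside source static tcp 192.168.10.10 443 interface FastEthernet0/0 443
!
! The inbound ACL is checked before NAT, so it matches the public address.
! Permits must sit above the final deny.
ip access-list extended OUTSIDE_IN
 remark Published mail server ports only
 permit tcp any host 192.0.2.10 eq smtp
 permit tcp any host 192.0.2.10 eq 443
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 remark Log what is dropped so unexpected probes are visible
 deny   ip any any log
!
! Mark NAT directions and bind the ACL; the INBOUND inspect rules are the
! ones from the sample config earlier in the thread.
interface FastEthernet0/0
 description Outside Interface
 ip nat outside
 ip access-group OUTSIDE_IN in
 ip inspect INBOUND out
!
interface Vlan1
 ip nat inside
```

After applying, `show ip nat translations` should list the two static entries and `show access-lists OUTSIDE_IN` shows per-line hit counters. Port-specific static NAT is used here rather than 1:1 NAT so that the ACL is not the only thing limiting which server ports are reachable.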

Question has a verified solution.
