ASA 5520 configuration for Exchange server
Posted on 2011-02-16
I have currently set up an Exchangeserver 2003 in the INSIDE interface of my ASA 5520, I have an SMTP connector for all my external email to an Email Gate in a different interface called MAIL, and then from this second interface I connect to internet through OUTSIDE interface to WEBSENSE, a hosting provider.
I want to remove the intermediate step, and connect the Exchange server with the SMTP connector right to the hosting provider.
I know I have to set up the SMTP connector to the smart host of my hosting, WEBSENSE(the same I had in the email gate)
These are the ACLs I have currently running:
access-list acl_inside extended permit tcp host xx.xx.16.202 host xx.xx.100.199 eq smtp //to MAIL interface, internal NIC
access-list mail_access_in extended permit tcp host 192.168.100.99 any eq smtp // external NIC in the mail Gate server
access-list mail_access_in extended permit tcp host xx.xx.100.199 host xx.xx.16.202 eq smtp // connection from exchangeserver in INSIDE
access-list mail_access_out extended permit tcp host xx.xx.16.202 host xx.xx.100.199 eq smtp // connection to exchangeser in INSIDE
access-list tfs_access_out extended permit tcp object-group Websense_Servers_ref host xx.xx.100.99 eq smtp //connection to my web hosting from mail gate server external NIC
access-list acl_outside extended permit tcp object-group Websense_Servers host xx.xx.245.141 eq smtp // connection for web hosting WEBSENSE from internet to send emails to my email gate server in MAIL interface, to his public ip address
I'd like to have all incoming email directly addressed to my exchangeserver, and all outgoing email sent to WEBSENSE servers, with no mail gate server in the middle.
I tried changing NAT, so the public address now translate to my exchangeserver, and created ACLs to permit traffic INSIDE-OUTSIDE for smtp, but I couldn't make it work.
What am I doing wrong?