IPsec between FE & BE

Unanswered Question
Sep 2nd, 2007

Hello everyone,

I am setting up an FE & BE Exchange topology on my network.

The scenario is as follows:

1- I have my front-end Exchange in the DMZ area and the back-end Exchange on the protected LAN

2- I have an ASA5540 as my firewall

3- Natting is implied on the 3 ASA5540 interfaces (outside, dmz and lan)

4- I need to secure the connection (using an IPsec tunnel) between the FE/BE Exchange through the ASA5540

How would I do that?

NB: moving the front-end Exchange to the protected LAN is not an option

Thank you

jsivulka Fri, 09/07/2007 - 10:08

I think the front-end Exchange server is in the DMZ, and I suppose that you need to have clients and the other Exchange server communicating with this front-end device. I don't know what the front-end Exchange server IP address is, and my assumption is that the clients are on the inside.

Whatever you need to do, this is what we need to keep in mind:

1. If you want to have communication between the inside and the DMZ device, the way is to have dynamic NAT, e.g.

nat (inside) 1 IP 0 0

global (DMZ) 1 interface

and permit the traffic in the outbound and dmz-in access-list

2. If you want to have traffic from the outside to the DMZ, we need to have a static translation:

static (inside,outside) public ip address internal ip address netmask

and permit traffic in the inbound access-list

