
How to send a mail from a DMZ ...

mathieu47
Level 1

I have this configuration on my ASA :

- outside (WAN) : 10.0.0.254

- inside (LAN) : 192.168.100.254

- dmz : 192.168.110.254

In my DMZ, I have a https server which can be accessible from internet. So I have created a nat rule to redirect the port 443 :

#> sh run static

static (DMZ,WAN) tcp interface https 192.168.110.1 netmask 255.255.255.255

Moreover I have created a rule in the security policy to permit the https connection from WAN to DMZ.

My problem is that the https server can't send a mail from the DMZ. I have created this rule in the security policy but without effect :

FROM :

server 192.168.110.1

in the DMZ

on the port any

TO :

any

in the WAN

on the port 25

ACTION : permit

When I do a telnet on the port 25 of a smtp server, I have a message TCP TIMEOUT in the live log.

What is the problem ?

Thanks for your help

3 Replies

Collin Clark
VIP Alumni

Your acl is something like this?

access-list dmz_to_outside permit tcp host 192.168.110.1 any eq 25

I would check a couple of things: How and where is the acl applied? Will you need DNS? Check the hit count on the ACL.

I have created your access-list rule without effect ... I will try to answer your questions (sorry, I am a novice in Cisco management)

1) How and where is the acl applied ?

I don't know !!! In fact, I think that I don't really know what the acl is !!! Is it the same thing as the security policy ?

2) Will you need DNS ?

Yes. But DNS isn't a problem because I have created rule to check dns in my LAN and the DNS requests are OK (for example with a nslookup on my server)

3) Check the hit count

What is the hit count ?

Sorry for my gaps !!!

Thanks for your help

I have solved my problem !!! I have created this nat rule :

static (DMZ,WAN) 10.0.0.100 192.168.110.1 netmask 255.255.255.255

Then I have created 2 rules in the security policy to open the ports 443 and 25.

So the server is accessible from internet and it can send email !!!
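
The checks suggested in the first reply, written out as an added example that is not part of the original thread. It assumes pre-8.3 ASA syntax (matching the `static` commands above); the interface names DMZ and WAN, the ACL name dmz_to_outside and the addresses 192.168.110.1 and 10.0.0.100 come from the thread, while the ACL name wan_to_dmz and the SMTP server address 203.0.113.25 are placeholders.

```cisco
! Added example, not from the original posts. Pre-8.3 ASA syntax assumed.

! 1) "How and where is the acl applied?"
!    An access-list has no effect until an access-group binds it to an
!    interface. Only one ACL per interface and direction can be bound, so
!    check what is already there before binding another one.
show running-config access-group

! 2) Outbound rule for the web server, bound inbound on the DMZ interface.
access-list dmz_to_outside extended permit tcp host 192.168.110.1 any eq smtp
access-group dmz_to_outside in interface DMZ
!    Once an ACL is bound, everything it does not permit hits the implicit
!    deny at the end, so any other traffic the server needs (DNS, for
!    example) must be permitted explicitly.

! 3) "Check the hit count."
!    Each entry in the output ends with (hitcnt=N). If N stays at 0 while
!    the server tries to connect, the traffic never matched this entry.
show access-list dmz_to_outside

! 4) Trace a simulated SMTP connection through the ACL and NAT phases.
!    203.0.113.25 is a placeholder for the real SMTP server; 1025 is an
!    arbitrary source port.
packet-tracer input DMZ tcp 192.168.110.1 1025 203.0.113.25 25

! 5) Confirm the server's address is translated on the way out. The
!    one-to-one static in the final post provides this translation.
show xlate

! 6) A one-to-one static maps every port of 192.168.110.1 to 10.0.0.100,
!    not only 443 as the original port redirect did. Keep the inbound rule
!    on the WAN interface limited to HTTPS. In pre-8.3 syntax the ACL on
!    the outside interface references the mapped address.
!    wan_to_dmz is a placeholder ACL name.
access-list wan_to_dmz extended permit tcp any host 10.0.0.100 eq https
access-group wan_to_dmz in interface WAN
```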
