10-30-2007 09:25 AM - edited 03-03-2019 05:33 AM
I have this configuration on my ASA :
- outside (WAN) : 10.0.0.254
- inside (LAN) : 192.168.100.254
- dmz : 192.168.110.254
In my DMZ, I have a https server which can be accessible from internet. So I have created a nat rule to redirect the port 443 :
#> sh run static
static (DMZ,WAN) tcp interface https 192.168.110.1 netmask 255.255.255.255
Moreover I have created a rule in the security policy to permit the https connection from WAN to DMZ.
My problem is that the https server can't send a mail from the DMZ. I have created this rule in the security policy but without effect :
FROM :
server 192.168.110.1
in the DMZ
on the port any
TO :
any
in the WAN
on the port 25
ACTION : permit
When I do a telnet on the port 25 of a smtp server, I have a message TCP TIMEOUT in the live log.
What is the problem ?
Thanks for your help
10-30-2007 09:37 AM
Your acl is something like this?
access-list dmz_to_outside permit tcp host 192.168.110.1 any eq 25
I would check a couple of things: How and where is the acl applied? Will you need DNS? Check the hit count on the ACL.
10-31-2007 01:51 AM
I have created your access-list rule without effect ... I will try to answer your questions (sorry, I am a novice in cisco management)
1) How and where is the acl applied ?
I don't know !!! In fact, I think that I don't really know what the acl is !!! Is it the same thing as the security policy ?
2) Will you need DNS ?
Yes. But DNS isn't a problem because I have created rule to check dns in my LAN and the DNS requests are OK (for example with a nslookup on my server)
3) Check the hit count
What is the hit count ?
Sorry for my gaps !!!
Thanks for your help
10-31-2007 03:44 AM
I have solved my problem !!! I have created this nat rule :
static (DMZ,WAN) 10.0.0.100 192.168.110.1 netmask 255.255.255.255
Then I have created 2 rules in the security policy to open the ports 443 and 25.
So the server is accessible from internet and it can send email !!!
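The end state described in the thread, written out as CLI together with the checks the earlier reply asked about (where the ACL is applied, and its hit count). This is an added example, not configuration posted by anyone in the thread; the ACL names `wan_in` and `dmz_in` and the SMTP server address 192.0.2.25 are assumptions, and the syntax is the pre-8.3 style that matches the `static` commands above.

```cisco
! --- configuration mode ---

! One-to-one static from the thread. Unlike the earlier port static,
! this maps EVERY port of 192.168.110.1 to 10.0.0.100, so the ACLs
! below are the only thing limiting what is reachable.
static (DMZ,WAN) 10.0.0.100 192.168.110.1 netmask 255.255.255.255

! Inbound from the internet: HTTPS only, to the mapped address.
! (Pre-8.3 ACLs on the outside interface match the translated IP.)
access-list wan_in extended permit tcp any host 10.0.0.100 eq https
access-group wan_in in interface WAN

! Outbound from the DMZ server: SMTP only.
! An applied ACL ends with an implicit deny, so anything else the
! server needs (for example DNS) must get its own permit line.
access-list dmz_in extended permit tcp host 192.168.110.1 any eq smtp
access-group dmz_in in interface DMZ

! --- privileged EXEC mode: verification ---

! "How and where is the acl applied?"
show running-config access-group

! "Check the hit count": each line ends with (hitcnt=N). If N stays 0
! while the server retries, the traffic never matched this ACL.
show access-list dmz_in

! Confirm the translation for the server exists.
show xlate

! Simulate the server opening a connection to an SMTP server and see
! which phase (ACL, NAT, route) allows or drops it.
! 192.0.2.25 is a placeholder address; 1025 is an arbitrary source port.
packet-tracer input DMZ tcp 192.168.110.1 1025 192.0.2.25 25 detailed
```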