Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
0
Helpful
5
Replies

Seperate Mail Flow for Emails through TLS and Non-TLS destination domains.

raheel1777
Level 1
Level 1

‎05-17-2016 12:18 PM

We have recently purchased Cisco ESA 6000v. We want to implement ESA in such a way that there are separate email flow for outgoing emails for TLS and Non-TLS destination domains.

For TLS the destination domains should be resolved through publically available DNS.

For Non-TLS destination domains email should be handed over to ISP for further sending to destinations.

Please suggest how to implement above scenario in ESA for outbound emails.

Labels:
0 Helpful
5 Replies 5

Mathew Huynh
Cisco Employee
Cisco Employee

‎05-18-2016 05:35 PM

Hello Raheel,,

You can set this up on your ESA via the GUI > Mail Policies > Destination Controls

Where you can set a default or create entries for those domains which you wish to use TLS for.

Essentially create entries for your domains to be handed to ISP to have TLS disabled, while setting the Default setting to TLS enabled.

Regards,

Matthew

0 Helpful

raheel1777
Level 1
Level 1
In response to Mathew Huynh

‎05-18-2016 09:19 PM

Thanks for the reply. Yes you are right we can enforce TLS for outbound through destination control.

1 - But my main question is that where we will control that destination TLS domain should be resolved through eg. google DNS.

2- Without TLS domain should be handed over to ISP IP address eg. 10.1.1.1 where no DNS resolve action for destination domain is required.

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to raheel1777

‎05-18-2016 09:22 PM

Hello Raheel,

Thank you for your clarification.

On the ESA the only options to enforce TLS for outgoing is by domain through the destination control usage.

Regards,

Matthew

0 Helpful

raheel1777
Level 1
Level 1
In response to Mathew Huynh

‎05-18-2016 09:40 PM

Thanks for your reply.

Ok let me put the question other way that how we can separate mail flow of two different destination domains. One through ISP and second through MX resolve through some public DNS.

Please suggest separate mail flow paths configuration.

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to raheel1777

‎05-18-2016 09:52 PM

Hello Raheel,

From the ESA i do not believe it is possible to distinguish emails which will be send through ISP and through MX (from Public DNS) through a feature means to make those setting requirements.

Regards,

Matthew

0 Helpful
Customers Also Viewed These Support Documents