I think I have worked the below out. :) Please ignore this post :)
Hi,

We have a C300 and I am trying to set it up as our mail gateway with mail policies etc. I am hoping someone will be able to help me understand the product a little more. I have been reading the user guides; however, I am still confused on Listeners.

The device sits behind a firewall and we have a public address that is NAT'd to the private / DMZ address. This is on Interface Data 1. I also have the management port on another DMZ subnet address.

I have managed to get the device to receive emails for one of our domains. So I know the inbound works. However, when I try to send out via the device I get an error:

"Fri Oct 26 09:54:36 2007 Info: MID 6787851 ICID 9603726 To: <xxxx> Rejected by RAT"

On our Exchange server I have had to create an SMTP connector to send any mail for my gmail address to the new Ironport device. I have done this so I can test outgoing mail without affecting our current production system.

I did add the domain gmail.com to the RAT and the email did get sent and I received it in my gmail account. However, I don't think this is correct, as I would then need to add every single domain that our company sends email to into the RAT (not a viable solution).

I read about the listeners and it says that I should have one listener for incoming (public) and one for outgoing (private). To have these on the same subnet they need to have different ports. How do I make sure that any outbound emails from my Exchange server are sent to the outbound listener on the Ironport device on its different port?

Would a better solution be to set up the Data 2 interface on another subnet and then set up a private listener on this interface? How would I then make sure it routes out Data 1 to get to the Internet?

I hope this makes some sort of sense to you and someone may be able to fill in the blanks that I am having. Let me know if I need to clarify anything better.
You do not need to set up a new listener for outbound email. The same listener can be configured to process outbound email. You need to create a new 'sendergroup' and 'mail flow policy' for the Ironport to handle outbound email.
Create a new mail flow policy as follows:
- Go to 'Mail Policies -> HAT overview' link in GUI.
- Select the Mail Flow Policies link, beneath the HAT Overview.
- Click the Add Policy button.
- Name the policy.
- Set Connection Behavior to RELAY.
- In the Security Features, turn on Virus Protection and disable Spam Protection.
- Submit and commit changes.
Create a new sendergroup as follows:
- Go to 'Mail Policies -> HAT overview' link in GUI.
- Add a new Sender Group and set the order # to 1. Associate the new mail flow policy (created above) to this sendergroup.
- Submit and commit changes.
Now click on the new sendergroup and add the ip address of the exchange server to this sendergroup. Once again, submit and commit changes.
Also, make sure you remove 'gmail.com' from the RAT. Your appliance is currently an open relay for domain 'gmail.com'.
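The difference between the RAT workaround in the question and the sendergroup fix in the answer, as an added example that is not part of either post and is not IronPort code. It is a simplified model that assumes the HAT is matched top-down on the connecting IP, that a RELAY mail flow policy skips the RAT, and that ACCEPT enforces it; the group name `EXCHANGE_OUT`, the IP addresses and `example.com` are constructed.

```python
import ipaddress

# Simplified model of one public listener (assumption: the HAT is matched
# top-down on the connecting IP, RELAY skips the RAT, ACCEPT enforces it).
def connection_behavior(hat, client_ip):
    ip = ipaddress.ip_address(client_ip)
    for group, networks, behavior in hat:      # sender group order matters
        if any(ip in ipaddress.ip_network(n) for n in networks):
            return group, behavior
    raise ValueError("no sender group matched; HAT needs a catch-all")

def rcpt_decision(hat, rat, client_ip, rcpt):
    _, behavior = connection_behavior(hat, client_ip)
    if behavior == "RELAY":                    # RAT is never consulted
        return "relayed"
    domain = rcpt.rpartition("@")[2].lower()
    return "accepted" if domain in rat else "Rejected by RAT"

def relay_exposure(hat, rat, local_domains, client_ip, probe_domains):
    """Non-local domains that client_ip can get mail accepted for."""
    return sorted(d for d in probe_domains if d not in local_domains
                  and rcpt_decision(hat, rat, client_ip, "user@" + d)
                  != "Rejected by RAT")

# Constructed sample values (hypothetical names and addresses).
LOCAL = {"example.com"}
EXCHANGE_IP = "10.1.1.25"
INTERNET_IP = "203.0.113.50"
PROBES = ["gmail.com", "example.org", "example.com"]
CATCH_ALL = ("ALL", ["0.0.0.0/0"], "ACCEPT")

# The question's workaround: no relay group, gmail.com added to the RAT.
HAT_WORKAROUND = [CATCH_ALL]
RAT_WORKAROUND = {"example.com", "gmail.com"}

# The answer's fix: order-1 sender group holding only the Exchange server,
# tied to a RELAY mail flow policy; gmail.com removed from the RAT.
HAT_FIXED = [("EXCHANGE_OUT", [EXCHANGE_IP + "/32"], "RELAY"), CATCH_ALL]
RAT_FIXED = {"example.com"}

if __name__ == "__main__":
    for label, hat, rat in [("workaround", HAT_WORKAROUND, RAT_WORKAROUND),
                            ("fixed", HAT_FIXED, RAT_FIXED)]:
        for who, ip in [("internet", INTERNET_IP), ("exchange", EXCHANGE_IP)]:
            print(label, who, relay_exposure(hat, rat, LOCAL, ip, PROBES))
```

With the workaround, the Internet host and the Exchange server have the same exposure (gmail.com only); with the fix, only the Exchange server's address can reach non-local domains.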