I am a bit confused on terminology and how to go about setting up the ASA to block any SMTP traffic outbound except for our Exchange Server. This is in relation to a SpamBot issue that got us blacklisted.
I have an ASA 5510 running version 6.2(5) / 8.2(2) with three ports: DMZ, Inside and the Outside interface. Up until today, I only needed to block outside traffic to our internal network, which I did by using the ASDM to configure a rule on the outside interface as an incoming rule. I am assuming I need to create an outgoing rule on the outside interface; however, just to make sure I understand the terminology/traffic flow, I created the rule with my computer as the source (192.168.0.131), ALL as the destination, and HTTP as the service. My logic, which seems to fail here, is that any traffic from my computer going outbound would be blocked; however, I am still able to browse... That said, if I were to change the source to the Exchange server and the Service Type to SMTP, it would not actually block traffic and therefore would not solve our problem. I have even gone as far as permitting traffic from my computer, expanding the hit counter, and I see no hits. So I am no doubt doing this wrong. What I do know is that when I first created the rule, a second rule was automatically created (Implicit rule) that denied all sources and blocked all HTTP traffic until I changed it to Permit.
I am including a screenshot showing the two rules. Again, I have my machine permitted at the moment, but it does not matter if it is set to deny; I am still able to browse.
So is it an outgoing rule on the inside interface? When I create this, I am guessing it will do the same as before and create an implicit rule that I will need to revise, correct? Since it is on the inside interface, does this impact servers internally communicating with our Exchange server? A bit of detail here just in case that is not clear... I have several, actually many, servers that point to the Exchange server to send mail. An example is our Web Server (IIS). Do I need to add each of these servers to the permit rule, or does the rule ONLY affect traffic going outside the network (even though it is on the internal interface)?
The servers that communicate with Exchange (like IIS) are all internal. Thanks!
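The usual way to do this on an ASA is an access list applied in the "in" direction on the inside interface (what ASDM calls an incoming rule on the inside interface), because traffic leaving the internal network enters the firewall there. Once any ACL is applied to an interface, the ASA's default permit for traffic from a higher-security to a lower-security interface is replaced by that ACL and its implicit deny at the end, which is why ASDM shows the automatic deny rule; an explicit permit for everything else has to be added after the SMTP rules. Internal servers that relay through Exchange on the same inside network never pass through the ASA, so the inside ACL does not affect them. Below is an added example configuration in ASA 8.2 CLI syntax; it is not from the original post. 192.168.0.131 is the poster's PC; the Exchange address 192.168.0.10 and the ACL name are assumptions for illustration.

```cisco
! Added example, not from the original post. Addresses other than the
! poster's own 192.168.0.131 are placeholders (Exchange at 192.168.0.10 is assumed).
access-list inside_access_in remark Only Exchange may send SMTP out
access-list inside_access_in extended permit tcp host 192.168.0.10 any eq smtp
! Log the denies: the hosts that hit this line are the spambot candidates
access-list inside_access_in extended deny tcp any any eq smtp log
! Restore the default behaviour for everything else (web browsing etc.)
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside
!
! Verify that the rules are matched (hit counts appear at the end of each line)
show access-list inside_access_in
```

The deny line carries the `log` keyword so that the blocked connection attempts show up in syslog with the internal source address, which is the quickest way to find the infected machine that caused the blacklisting. Also, on pre-8.3 code an out-direction ACL on the outside interface is evaluated against addresses after NAT, which is the usual reason a rule written with a private source address such as 192.168.0.131 shows no hits there.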