New Member

How to direct SMTP traffic to Exchange Server with 2 NICs behind a Router a

I need to create access to a new Exchange Server. The server has 2 network cards (NICs), one with an internal IP and the other with a public IP. My network is as follows: Internet <--> Cisco Router <--> PIX 515E <--> Switch --> LAN. The Router has a public IP on the outside interface and a private IP on the inside. The PIX has private IPs on both interfaces, on different subnets.

The router and the PIX both have only 2 interface ports. I cannot create a DMZ on a separate interface.

How do I safely connect the Exchange Server to the network? Do I physically connect the cables from both NICs to the LAN? Or do I have to install a switch between the Router and the PIX and then connect the Public NIC to the switch? How do I route traffic through the Router and the PIX to the Mail Server? Thanks.

Accepted Solutions
New Member

Re: How to direct SMTP traffic to Exchange Server with 2 NICs be

If you are not able to create a DMZ, then at any point you are at risk: either you are statically translating the Exchange Front End, which is in INSIDE, and providing inbound access to the INSIDE from the Internet, or, if you enable routing in the Exchange server and connect one NIC of the server to the public segment, bypassing the firewall, that is also a risk, because if your server is compromised your total inside network is compromised. It's better to get an interface to be used for a DMZ and place the Exchange Front End in the DMZ.

3 REPLIES
New Member

Re: How to direct SMTP traffic to Exchange Server with 2 NICs be

Since I cannot install another interface on the PIX or Router to create a DMZ, what can you advise as the best practicable option here? Do I need to install a switch between the Router and the PIX?

New Member

Re: How to direct SMTP traffic to Exchange Server with 2 NICs be

Problem solved. I have successfully configured the router and PIX and can now send and receive mail via the Exchange server using only the internal IP (1 NIC). I got some more hints from http://www.firewall.cx/ftopict-5821.html

This person had the same scenario as me. I'll still work on getting a DMZ later for better security.
