Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

moving barracuda spam firewall to ASA DMZ



is there a way to allow traffic from dmz to inside for exchange traffic . I have a barracuda spam firewall that needs to be moved to dmz. barracuda does port forwarding to server b for 443 and smtp traffic goes to server a and server b.  the barracuda in turn is natted to a public ip and that is set to mx. the barracuda is set to have a ip address which is internal to the dmz network , which in turn would be natted to a public ip address. 


if i do static(inside,dmz)server a server a netmast will it work so that the traffic from dmz to inside goes to the server a which is a internal lan ip address and when traffic from inside goes to dmz it goes as ip address server a and server b only . 


the asa is 5505 and running version 8.2


many thanks 


Yes, you can do the static

Yes, you can do the static nat statement you mentioned.  You will also want to create an access-list for the DMZ interface and allow the barracuda to communicate with your email server on what I'm assuming needs to be port 25.

If your barracuda IP was and your Exchange server was your rule would be something like this:

static (inside,dmz) netmask

access-list DMZ_in extended permit tcp host host eq 25
access-group DMZ_in in interface dmz

CreatePlease to create content