Cisco Support Community

moving barracuda spam firewall to ASA DMZ

Greetings, 

 

Is there a way to allow traffic from DMZ to inside for Exchange traffic? I have a Barracuda spam firewall that needs to be moved to the DMZ. The Barracuda does port forwarding to server b for 443, and SMTP traffic goes to server a and server b. The Barracuda in turn is NATted to a public IP, and that is set to MX. The Barracuda is set to have an IP address which is internal to the DMZ network, which in turn would be NATted to a public IP address.

If I do static (inside,dmz) server a server a netmask 255.255.255.255, will it work so that the traffic from DMZ to inside goes to server a, which is an internal LAN IP address, and when traffic from inside goes to DMZ it goes as IP address server a and server b only?

The ASA is a 5505 and is running version 8.2.

Many thanks

1 REPLY


Yes, you can do the static NAT statement you mentioned. You will also want to create an access-list for the DMZ interface and allow the Barracuda to communicate with your email server on what I'm assuming needs to be port 25.

If your Barracuda IP was 172.16.1.10 and your Exchange server was 192.168.1.10, your rule would be something like this:

static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255

access-list DMZ_in extended permit tcp host 172.16.1.10 host 192.168.1.10 eq 25
access-group DMZ_in in interface dmz
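
The full flow described in the question (SMTP to server a and server b, 443 to server b, Barracuda published on a public IP), written out as an added example for ASA 8.2; it is not part of the original thread. Assumed values: server b at 192.168.1.11, inside subnet 192.168.1.0/24, public address 203.0.113.10, and the ACL name outside_in; the Barracuda and server a addresses are the ones used in the reply.

```cisco
! Added example for ASA 8.2 (pre-8.3 NAT syntax). Assumed values:
!   Barracuda (dmz) 172.16.1.10, server a 192.168.1.10 (both from the reply),
!   server b 192.168.1.11, inside subnet 192.168.1.0/24,
!   public address 203.0.113.10 (documentation range), ACL name outside_in.

! Identity NAT so the DMZ reaches each mail server on its real inside address.
static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
static (inside,dmz) 192.168.1.11 192.168.1.11 netmask 255.255.255.255

! Publish the Barracuda on the public address the MX record points to.
static (dmz,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255

! Internet -> Barracuda: only the services it fronts. In 8.2 the ACL
! matches the mapped (public) address.
access-list outside_in extended permit tcp any host 203.0.113.10 eq smtp
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
access-group outside_in in interface outside

! Barracuda -> inside: SMTP to both servers, 443 to server b only.
access-list DMZ_in extended permit tcp host 172.16.1.10 host 192.168.1.10 eq smtp
access-list DMZ_in extended permit tcp host 172.16.1.10 host 192.168.1.11 eq smtp
access-list DMZ_in extended permit tcp host 172.16.1.10 host 192.168.1.11 eq https
! Everything else from the DMZ toward the inside subnet is dropped and logged.
access-list DMZ_in extended deny ip any 192.168.1.0 255.255.255.0 log
! An ACL on the dmz interface replaces the implicit permit toward
! lower-security interfaces, so the Barracuda's own outbound traffic
! (DNS, outbound SMTP, updates) must be permitted explicitly.
access-list DMZ_in extended permit ip host 172.16.1.10 any
access-group DMZ_in in interface dmz
```

If an ACL is already bound to the outside interface, add the two permit lines to that ACL instead of binding outside_in, since an interface takes only one inbound access-group. Running packet-tracer input dmz tcp 172.16.1.10 1025 192.168.1.10 25 on the ASA shows which NAT and ACL entries a given flow hits before the Barracuda is moved.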
