Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

SMTP topology

Hi  All,

I  have queries regarding network topology when baracuda and smtp server  are deployed in the network.

exchange  server------(2.1)-ROUTER(3.1)---------(3.2)BARACUDA(4.1)-------4.2)ASA(200.1.1.1)------OUTSIDE

(192.168.2.10)                                                            (192.168.4.1)

static (inside, outside ) tcp interface smtp 192.168.4.1  smtp netmask 255.255.255.255

nat (inside) 1 192.168.2.0 255.255.255.0

global  (inside) 1 interface 

access-list outin extended permit tcp any host  200.1.1.1 eq smtp  

192.168.4.1 is baracuda ip and 192.168.2.10 is exchange  server ip.

My  query is, if baracuda is smtp gateway for exchange server and ASA is  default gateway for exchange server, is this configuration correct ?

Second  query is that its seen cutomers configure that mails from outside come  to baracuda but when mails go to outside it bypass baracuda. So do we  have to some configuration changes or is it these servers setting.

Third query  is in which cases baracuda server being smtp gateway is located at  outside of ASA and what changes will be in the configuation in that case

Any help  would be appreciated.

Thanks in advance.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Bronze

Re: SMTP topology

Barracuda can be the smtp gateway but exchange server gateway can be the internal router as long as the router knows how to forward traffic to outside through barracuda.

You can configure it as you like but if one want to barracuda to send mails outside then you would have to configure exchange server with relay host configuration.

Practically it is not a good practice to put barracuda outside ASA as barracuda is a smtp gateway not a perimeter security devices which can filter traffic based on rules and allow and block.

HTH

Sent from Cisco Technical Support iPad App

Bronze

Re: SMTP topology

static (inside,outside) tcp (public ip-address) 25 (internal server ip-address) 25 netmask 255.255.255.255

Access-list out-in extended permit tcp host any (public ip-address used above) eq 25

Access-group out-in in interface outside

Sent from Cisco Technical Support iPad App

3 REPLIES
Bronze

Re: SMTP topology

Barracuda can be the smtp gateway but exchange server gateway can be the internal router as long as the router knows how to forward traffic to outside through barracuda.

You can configure it as you like but if one want to barracuda to send mails outside then you would have to configure exchange server with relay host configuration.

Practically it is not a good practice to put barracuda outside ASA as barracuda is a smtp gateway not a perimeter security devices which can filter traffic based on rules and allow and block.

HTH

Sent from Cisco Technical Support iPad App

Community Member

Re: SMTP topology

Thanks for your reply.

One more question, is the configuration above correct for the inbound and outbound flow of mails?

Bronze

Re: SMTP topology

static (inside,outside) tcp (public ip-address) 25 (internal server ip-address) 25 netmask 255.255.255.255

Access-list out-in extended permit tcp host any (public ip-address used above) eq 25

Access-group out-in in interface outside

Sent from Cisco Technical Support iPad App

387
Views
0
Helpful
3
Replies
CreatePlease to create content