Cisco Support Community

IPsec between FE & BE

Hello everyone,

I am setting up an FE & BE Exchange topology on my network.

The scenario is as follows:

1- I have my front-end Exchange in the DMZ area and the back-end Exchange on the protected LAN

2- I have an ASA5540 as my firewall

3- NATting is implied on the 3 ASA5540 interfaces (outside, dmz and lan)

4- I need to secure the connection using an IPsec tunnel between the FE/BE Exchange through the ASA5540

How would I do that?

NB: moving the front-end Exchange to the protected LAN is not an option

Thank you


Re: IPsec between FE & BE

I think the front-end Exchange server is in the DMZ, and I suppose that you need to have clients and other Exchange servers communicating with this front-end device. I don't know what the front-end Exchange server IP address is, and my assumption is that the clients are on the inside.

Whatever you need to do, this is what we need to keep in mind:

1. If you want to have communication between the inside and the DMZ device, you need to have dynamic NAT, e.g.

nat (inside) 1 IP 0 0

global (DMZ) 1 interface

and permit the traffic in the outbound and dmz-in access-lists

2. If you want to have traffic from outside to the DMZ, we need to have a static translation:

static (inside,outside) <public ip address> <internal ip address> netmask

and permit the traffic in the inbound access-list