Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Routing email from the internet to exchange server in DMZ

I have an exchange server sitting in my DMZ, IP addy 10.x.x.x. In my pix I made a static(DMZ,outside) 10.x.x.x 208.x.x.x, to NAT the 10.x.x.x addy to a public IP of 208.x.x.x, also in the PIX i added acl putside permit tcp any 208.x.x.x eq smtp. In my outside router i added a permit tcp any 208.x.x.x eq smtp entry. Will this work? Any help would be great.

5 REPLIES

Re: Routing email from the internet to exchange server in DMZ

The configuration is correct for the most part except the static where the addresses are reversed. The mapped address should be the first one followed by the real address of the server. The syntax should be..

static(DMZ,outside) 208.x.x.x 10.x.x.x

HTH

Sundar

New Member

Re: Routing email from the internet to exchange server in DMZ

Thanks Sundar,

So making the change you suggested, why would I not be getting mail across? Are there any other entries I could make?

New Member

Re: Routing email from the internet to exchange server in DMZ

Can you make sense of this, i think smtp is allowed in but not out, what entries would i make?

Oct 24 20:50:13 172.x.x.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3743 dst outside:216.39.53.2/25 by access-group "DMZ"

Oct 24 20:50:13 172.x.x.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3744 dst outside:209.191.118.103/25 by access-group "DMZ"

Re: Routing email from the internet to exchange server in DMZ

Add this entry to the DMZ access list to allow traffic out from the server.

access-list DMZ permit tcp host any eq smtp

HTH

Sundar

New Member

Re: Routing email from the internet to exchange server in DMZ

Thanks a lot Sundar!

115
Views
0
Helpful
5
Replies
CreatePlease to create content