Our current setup, which is being used until I get the new hardware working, is such that we have two routers with the internal router providing NAT and static routes to specific inside servers such as the web server and the mail server. No DMZ, just an inside and an outside network.
I am creating a new perimeter setup for our move to a new ISP and new hardware. I have a 1721 connecting to the ISP and several routable IPs provided by the ISP. Behind the 1721 I have a PIX 515E which creates a perimeter network for me with outside, DMZ, and inside networks.
I am having a hard time trying to figure out what would be the best scenario for our Lotus Notes email server. Should I place the server in the DMZ where it could do its work? Will I have problems with clients communicating with the email server in the DMZ? Or is a better solution to keep the server on the inside and put some kind of an email relay server in the DMZ? Our Lotus Notes server is more than just an email server; it also holds a few Lotus Notes databases and documents.
I guess I am looking for a best practice scenario.
Well, what the documentation says and what I have been reading is to put an email server on a DMZ.
What we have been looking at is putting a (Linux) mail relay on the DMZ to relay email from outside to the inside. So mail would come in from the internet to the DMZ mail relay, then to the "inside" of our network. This way we could filter and all of that jazz. If we somehow got hacked it would be the relay and not the mail server.
Thanks for the reply. At this point I am testing with IIS 5.0 SMTP. I am however unable to figure out how to pass/relay email into the inside network. I am not sure how I could let the relay server know where the actual mail server is located.
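
The relay design discussed in this thread, sketched as an added example that is not part of the original posts: a DMZ relay that accepts mail for one domain and hands it to the inside mail server. It assumes Postfix as the Linux relay (the thread names no product); `example.com`, `relay.example.com`, and `10.0.0.25` (the address the DMZ host uses to reach the inside server) are placeholders.

```conf
# /etc/postfix/main.cf on the DMZ relay
# (constructed example; all names and addresses are placeholders)
myhostname = relay.example.com

# Deliver nothing locally for the mail domain; this host only relays.
mydestination = localhost

# Accept inbound Internet mail for this domain and pass it on.
relay_domains = example.com

# The next hop for each relayed domain is looked up in the transport table.
transport_maps = hash:/etc/postfix/transport

# Only the inside mail server may send outbound mail through this host.
mynetworks = 127.0.0.0/8, 10.0.0.25/32

# Refuse to relay for anyone else, so the DMZ host is not an open relay.
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# /etc/postfix/transport
# The brackets skip the MX lookup, so mail for the domain goes straight
# to the inside server's address on TCP 25.
example.com    smtp:[10.0.0.25]:25
```

After editing the transport table, run `postmap /etc/postfix/transport` and reload Postfix. On the firewall, the only DMZ-to-inside rule this design needs is TCP 25 from the relay to the mail server.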