Cisco Support Community

New Member

How to send a mail from a DMZ ...

I have this configuration on my ASA :

- outside (WAN) :

- inside (LAN) :

- dmz :

In my DMZ, I have an https server which can be accessible from internet. So I have created a nat rule to redirect the port 443 :

#> sh run static

static (DMZ,WAN) tcp interface https

Moreover I have created a rule in the security policy to permit the https connection from WAN to DMZ.

My problem is that the https server can't send a mail from the DMZ. I have created this rule in the security policy but without effect :



in the DMZ

on the port any

TO :


in the WAN

on the port 25

ACTION : permit

When I do a telnet on the port 25 of a smtp server, I have a message TCP TIMEOUT in the live log.

What is the problem ?

Thanks for your help


Re: How to send a mail from a DMZ ...

Your acl is something like this?

access-list dmz_to_outside permit tcp host any eq 25

I would check a couple of things: How and where is the acl applied? Will you need DNS? Check the hit count on the ACL.

New Member

Re: How to send a mail from a DMZ ...

I have created your access-list rule without effect ... I try to answer your questions (sorry, I am a novice in cisco management)

1) How and where is the acl applied ?

I don't know !!! In fact, I think that I don't really know what the acl is !!! Is it the same thing as the security policy ?

2) Will you need DNS ?

Yes. But DNS isn't a problem because I have created rule to check dns in my LAN and the DNS requests are OK (for example with a nslookup on my server)

3) Check the hit count

What is the hit count ?

Sorry for my gaps !!!

Thanks for your help

New Member

Re: How to send a mail from a DMZ ...

I have solved my problem !!! I have created this nat rule :

static (DMZ,WAN) netmask

Then I have created 2 rules in the security policy to open the ports 443 and 25.

So the server is accessible from internet and it can send email !!!
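
Added example, not part of the original posts and not the poster's configuration: a narrower alternative to the one-to-one static, plus the ACL checks asked about in the first reply. It assumes pre-8.3 ASA syntax (as in the thread's `static (DMZ,WAN)` lines) and that the missing piece was a translation for connections the server initiates; 10.0.0.10 (DMZ server) and 203.0.113.25 (remote SMTP server) are placeholder addresses.

```cisco
! Placeholder addresses: DMZ server 10.0.0.10, remote SMTP server 203.0.113.25.

! Inbound: publish only TCP/443 of the server on the WAN interface address.
static (DMZ,WAN) tcp interface https 10.0.0.10 https netmask 255.255.255.255

! Outbound: the static PAT above translates port 443 only, so connections
! the server opens itself (SMTP to port 25) need their own translation.
nat (DMZ) 1 10.0.0.10 255.255.255.255
global (WAN) 1 interface

! ACL for traffic entering the DMZ interface. It ends with an implicit deny,
! so anything else the server must reach (DNS, for instance) needs its own entry.
access-list dmz_to_outside extended permit tcp host 10.0.0.10 any eq smtp
access-group dmz_to_outside in interface DMZ

! "How and where is the acl applied?" -> lists each ACL with its interface and direction.
show running-config access-group

! "Check the hit count" -> hitcnt increases each time an entry matches a new connection.
show access-list dmz_to_outside

! Confirm a translation exists for the server.
show xlate

! Simulate the outbound SMTP connection; the output names the phase
! (ACL, NAT, route) that drops the packet, if any.
packet-tracer input DMZ tcp 10.0.0.10 1025 203.0.113.25 25
```

With a one-to-one static, every port of the server is mapped to the public address, so the WAN access rules are the only thing limiting inbound access. Keeping the port-443 static PAT and adding dynamic PAT for outbound traffic leaves only HTTPS reachable from the internet.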
