I want to allow a mail server in the DMZ (10.0.1.2) SMTP access to a server on the inside interface (10.0.0.2). The inside server has a static NAT mapping to the DMZ (10.0.1.3). I created an access list which allows the mail server in the DMZ to access HTTP on the outside. The inside server also has a web server up and running ... I think you got my problem. Could someone tell me the best way to do this special configuration? ;) I want to limit the access to the inside to only port 25, nothing else ...
Thanks for your answer. This access-list already exists. But there is another access-list like this here:
access-list [dmzacl] permit host 10.0.1.12 any eq www
This allows HTTP traffic also to the inside mail server. I actually only find the way to set a deny rule all acl after the allow rule for port 25 ... With many more servers I also have to deny each server this way. Does anyone have another solution for me?
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...