Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Firewall, Vpn concentrator and SMTP Gateway

Hi,

We have a typical scenario, 2610 router connected to internet, the ethernet of 2610 directly connected to pix 515 through cross cable. on one dmz of pix 515 we have a concentrator, on the external interface of concentrator there is one SMTP gateway, the problem is this smtp gateway has to send mails and receive mails from internet, due to some client requirement it has to be behind the Concentrator, as this SMTP gateway is also used to send mails through VPN's to couple of clients.

Can you please suggest me how to do configuration for this kind of scenario.

Thanks in advance

Regards

Salim

2 REPLIES
New Member

Re: Firewall, Vpn concentrator and SMTP Gateway

lets say your outside IPs are 1.1.1.1 and 1.1.1.2, DMZ is called DMZ1:

ip address ethernet0 1.1.1.1 255.255.255.0

ip address ethernet2 192.168.1.1 255.255.255.0

static (dmz1, outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255

access-list 101 permit icmp any any

access-list 101 permit tcp any host 1.1.1.2 eq SMTP

access-group 101 in interface outside

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (dmz1) 1 0.0.0.0 0.0.0.0 0 0

-Shawn

New Member

Re: Firewall, Vpn concentrator and SMTP Gateway

Hi,

Thanks a lot for giving me the configuration. i have done accordingly, but the problem which i am facing now is that i am able to ping to vpn concentrator from my smtp server on the external interface of concentrator, i am also able to ping to the dmz interface of the firewall. but i am not able to ping or browse or send mails to internet as well as not able to ping ethernet interface of the router. do i need to add some thing else to do this.

let me remind again that the dmz interface of firewall is connected to outside interface of concentrator and smtp server is connected to external interface of vpn concentrator, is it because of this that the packets are getting dropped. i am not sure how a concentrator will behave in this scenario.

Thanks and Regards

Salim

152
Views
0
Helpful
2
Replies