Cisco Support Community
Community Member

One more Time

I have a 515R, and I added the following line to my configuration,

because without it Exchange doesn't work; inside clients can't connect to it.

access-list aclout permit ip any any

but some of you told me that it is a big hole in my security.

My question is:

What do you recommend to me?

I'm not an expert; it's my first time with a PIX!

Gdl. Mex.

Thanks a lot in advance for your time!

Community Member

Re: One more Time

Check the port assignments in the following link.

If the inside hosts are making the connection, the NetBIOS ports should be OK, but perhaps the established for 135 will be required for RPC.

I assume there has been no ACL applied to the inside.

Community Member

Re: One more Time

Having Exchange in the DMZ or outside isn't the best way to do things.

You can keep Exchange inside and place an SMTP relay in the DMZ. Inbound and outbound mail pass through this SMTP relay. Some good commercial products are available, like Mail Essentials. Ref.:

If you want to keep Exchange outside or in the DMZ, you should open the RPC ports, because Outlook/Exchange communications use those ports. But I don't know if it's only Outlook that initiates communications to Exchange, or both.
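As an added illustration of the point made in this thread (not configuration from any poster's firewall), the script below holds two constructed PIX 6.x-style ACLs side by side: the poster's "permit ip any any" entry, and the layout recommended above, where Exchange stays inside and only an SMTP relay in the DMZ (the address 203.0.113.25 is a made-up documentation address) is reachable from the outside on tcp/25. A small parser reads each access-list line and rates permit entries by how broad they are, so the difference between "the firewall does nothing" and "one host, one port" becomes visible on inspection rather than by feel. The parser understands only the simple "any | host X | X MASK [eq PORT]" form, which is an assumption for the example, not a full PIX grammar.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample configs (not from the thread's firewall). Addresses come
# from the RFC 5737 documentation ranges; "aclout" is the ACL name the poster used.
PERMISSIVE_CONFIG = """
access-list aclout permit ip any any
access-group aclout in interface outside
"""

# Exchange stays on the inside; only an SMTP relay in the DMZ is reachable
# from the Internet, and only on tcp/25. Outlook-to-Exchange RPC traffic
# never crosses the outside interface, so no RPC ports are opened at all.
TIGHTENED_CONFIG = """
access-list aclout permit tcp any host 203.0.113.25 eq 25
access-list aclout deny ip any any
access-group aclout in interface outside
"""


@dataclass
class Ace:
    acl: str
    action: str
    proto: str
    src: str
    sport: Optional[str]
    dst: str
    dport: Optional[str]


def _take_addr(tokens: List[str]) -> Tuple[str, List[str]]:
    """Consume one PIX address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1] + "/32", tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]


def _take_port(tokens: List[str]) -> Tuple[Optional[str], List[str]]:
    """Consume an optional 'eq PORT' qualifier."""
    if len(tokens) >= 2 and tokens[0] == "eq":
        return tokens[1], tokens[2:]
    return None, tokens


def parse_ace(line: str) -> Optional[Ace]:
    """Parse one 'access-list NAME permit|deny PROTO SRC [eq P] DST [eq P]' line."""
    parts = line.split()
    if len(parts) < 6 or parts[0] != "access-list":
        return None
    try:
        acl, action, proto, rest = parts[1], parts[2], parts[3], parts[4:]
        src, rest = _take_addr(rest)
        sport, rest = _take_port(rest)
        dst, rest = _take_addr(rest)
        dport, rest = _take_port(rest)
    except IndexError:  # malformed or unsupported syntax: skip rather than guess
        return None
    return Ace(acl, action, proto, src, sport, dst, dport)


def severity(ace: Ace) -> Optional[str]:
    """Rate a permit entry by how much it exposes; None means it is tightly scoped."""
    if ace.action != "permit":
        return None
    if ace.proto == "ip" and ace.src == "any" and ace.dst == "any":
        return "CRITICAL"  # every protocol, every host: the ACL filters nothing
    if ace.src == "any" and ace.dport is None:
        return "HIGH"      # anyone on the Internet reaches something on all ports
    if ace.dst == "any":
        return "MEDIUM"    # a port is named, but the destination is unrestricted
    return None


def audit(config_text: str) -> List[Tuple[str, str]]:
    """Return (line, severity) for every over-broad permit entry in a config."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        ace = parse_ace(line)
        if ace is None:
            continue
        sev = severity(ace)
        if sev is not None:
            findings.append((line, sev))
    return findings


if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE_CONFIG), ("tightened", TIGHTENED_CONFIG)):
        print(f"{name}: {audit(cfg) or 'no over-broad permits'}")
```

Running it reports the single "permit ip any any" entry as CRITICAL and nothing at all for the tightened ACL. The explicit trailing "deny ip any any" in the second config only restates the PIX default, but keeping it visible makes the intent of the list obvious to the next person who reads it.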

Community Member

Re: One more Time

Can you please explain where the Exchange is: is it in the DMZ zone or in the outside zone? If it's in the DMZ zone, I will tell you the perfect solution that I have done with my Exchange 5.5 and the PIX firewall,

because, as you tell, you open a security hole in your network, and even if you use the ports to be opened in between the zones, the internal zone security will be less than 100%....

Best regards
