I work with a Cisco PIX 515E UR with 3 interfaces: Inside, DMZ and Outside.
In the DMZ, I have an SMTP server.
I want first that any host on the outside can reach this server on port 25.
I think using NAT:
and then add an access rule:
access-list acl_out permit tcp any host global_addr eq smtp
acl_out is then applied in the access-group bound to the outside interface.
I think it was OK with this configuration, but it doesn't work :(
From the outside, I try to telnet to my SMTP server (with its public address) on port 25; it doesn't work.
I also have a second problem... I want this SMTP server to be able to go out to the outside. Must I add a "nat (dmz) 1 0 0" command and specify a global pool on the outside network, or is the "static" command enough to assure inbound AND outbound traffic from and to my SMTP server?
First of all, placing Exchange Server in the DMZ is not a good idea. I suspect you might be placing an OWA server or relay server in the DMZ as a best practice; in such scenarios just allow smtp, https, http as well for incoming traffic. For outgoing from dmz to inside or outside, yes, you need to nat them all or the specific servers' subnet: nat (dmz) 1 0.0.0.0 0.0.0.0 or any specific IP.
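For reference, here is a complete PIX 6.x-style configuration that covers both parts of the question (inbound SMTP to the DMZ server through a static, and outbound translation for the DMZ). It is an added example, not the poster's or the replier's configuration; the interface names follow the question, while the addresses 203.0.113.25 (public) and 192.168.2.25 (DMZ server) are constructed placeholders.

```cisco
! Constructed example: placeholder addresses, PIX 6.x syntax.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
!
! Inbound: one-to-one static maps the public address to the DMZ server.
! A static is bidirectional, so the same mapping is used when the server
! itself opens connections to the outside (DMZ -> outside is allowed by
! default because it goes from higher to lower security).
static (dmz,outside) 203.0.113.25 192.168.2.25 netmask 255.255.255.255 0 0
!
! The ACL on the outside interface must reference the GLOBAL (public)
! address, not the DMZ address: on PIX 6.x the ACL is matched against the
! address as seen on the outside, before translation.
access-list acl_out permit tcp any host 203.0.113.25 eq smtp
access-group acl_out in interface outside
!
! Outbound for the rest of the DMZ: dynamic PAT to the outside interface
! address. A DMZ host with neither a static nor a matching nat/global pair
! has no translation, and its outbound packets are dropped.
nat (dmz) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! Caveat: "fixup protocol smtp 25" (Mail Guard) is on by default and
! rewrites the server banner to asterisks and restricts the allowed
! commands; disable it only if the server needs ESMTP extensions.
! no fixup protocol smtp 25
!
! Checks after applying:
!   show access-list acl_out   (hit count should rise on a test connection)
!   show xlate                 (static entry for 203.0.113.25 present)
!   show conn                  (TCP connection to 192.168.2.25:25 built)
```

If the static and ACL are in place but `show access-list acl_out` never increments, the test traffic is not reaching the outside interface, so look upstream (routing or the ISP) rather than at the PIX rules.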