access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 210.xxx.xx.x7 1
(1) After applying access-list dmz_access_in in interface DMZ, the mail relay server can't access internet anymore. Why? Does it apply to incoming or outcoming traffic?
(2) With dmz_access_in access list, I can telnet to inside Exchange server, but I still can't send emails to internal users from the mail relay. Any ideas?
(3) Internal/External users can't send/receive emails from mail relay using public IP. Access-list issue again?
(4) When I apply access list on interfaces, does it apply to inbound or outbound traffic? I am really confused on applying access list on interfaces. Will the access list apply on outside interface being applied to DMZ? How does the firewall know where to route the incoming traffic to DMZ or inside interface?
Thank you very much in advance for any helps/advice.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...