Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

RV042 and Forefront Online For Exchange

I have a SBS 2011 and a RV042 router.  I was going to try Forefront Online For Exchange 60 Day Trial to see how it cleaned up spam, virus etc. Well to accomplish this I have to configure the router to only accept email from Forefront's IP addresses about 13 ranges in all.  Has anyone tried this and is it even possible with the RV042 router?  Thanks!

  • Small Business Routers
7 REPLIES

RV042 and Forefront Online For Exchange

RV042 supports 30 entries of port-range forwarding and 50 entries of access rules.

New Member

RV042 and Forefront Online For Exchange

So would I make an access rule for every IP or IP range? So set up 13 access rules and port forward like normal? If I creat a rule does it then by default block everything else on that port? or does there have to be a "Deny" rule some how?  Thanks for your help!

RV042 and Forefront Online For Exchange

Yes, you would need to add 13 Deny rules followed by 13 Allow rules, one for each IP range.

Here is a related discussion thread.

https://supportforums.cisco.com/message/3480287#3480287

New Member

RV042 and Forefront Online For Exchange

PriorityPolicy NameEnableActionServiceSource InterfaceSourceDestinationTimeDay
Delete
13A ForefAllowSMTP [25]WAN206.16.57.70 ~ 206.16.57.70AnyAlways
Delete
13 ForeftDenySMTP [25]WANAnyAnyAlways
Delete
12A ForefAllowSMTP [25]WAN12.129.219.155 ~ 12.129.219.155AnyAlways
Delete
12 ForeftDenySMTP [25]WANAnyAnyAlways
Delete
11A ForefAllowSMTP [25]WAN12.129.199.61 ~ 12.129.199.61AnyAlways
Delete
11 ForeftDenySMTP [25]WANAnyAnyAlways

Delete

Is this how you would do it? and if so how do you decide priority?  Thanks for the help!

Re: RV042 and Forefront Online For Exchange

Priority = 1 has the highest priority.

You only need one Deny rule  placed at the bottom of the table as the others are duplicates.

You should have a forwarding rule that forwards SMTP to an internal IP address. The allow rules should have Destination = the internal IP address.

New Member

RV042 and Forefront Online For Exchange

Thank you Tekliu, I thought the Deny rule was duplicated but I misunderstood your earlier post saying I needed 13 Deny rules  Ok I do have SMTP traffice forwarded to my 192.168.1.2 address so I cleaned up the table to this.  Does this look correct? Also would you turn on packet logging ?

PriorityPolicy NameEnableActionServiceSource InterfaceSourceDestinationTimeDay
Delete
13 ForeftAllowSMTP [25]WAN206.16.57.70 ~ 206.16.57.70192.168.1.2 ~ 192.168.1.2Always
Delete
12 ForeftAllowSMTP [25]WAN12.129.219.155 ~ 12.129.219.155192.168.1.1 ~ 192.168.1.1Always
Delete
11 ForeftAllowSMTP [25]WAN12.129.199.61 ~ 12.129.199.61192.168.1.2 ~ 192.168.1.2Always
Delete
10 ForeftAllowSMTP [25]WAN216.32.181.1 ~ 216.32.181.254192.168.1.2 ~ 192.168.1.2Always
Delete
9 ForeftAllowSMTP [25]WAN216.32.180.1 ~ 216.32.180.254192.168.1.2 ~ 192.168.1.2Always
Delete
8 ForeftAllowSMTP [25]WAN213.199.180.129 ~ 213.199.180.190192.168.1.2 ~ 192.168.1.2Always
Delete
7 ForeftAllowSMTP [25]WAN213.199.154.1 ~ 213.199.154.254192.168.1.2 ~ 192.168.1.2Always
Delete
6 ForeftAllowSMTP [25]WAN207.46.163.1 ~ 207.46.163.254192.168.1.2 ~ 192.168.1.2Always
Delete
5 ForeftAllowSMTP [25]WAN207.46.51.65 ~ 207.46.51.126192.168.1.2 ~ 192.168.1.2Always
Delete
4 ForeftAllowSMTP [25]WAN94.245.120.65 ~ 94.245.120.126192.168.1.2 ~ 192.168.1.2Always
Delete
3 ForeftAllowSMTP [25]WAN65.55.88.1 ~ 65.55.88.254192.168.1.2 ~ 192.168.1.2Always
Delete
2 ForeftAllowSMTP [25]WAN63.241.222.1 ~ 63.241.222.254192.168.1.2 ~ 192.168.1.2Always
Delete
1 ForefroAllowSMTP [25]WAN12.129.20.1 ~ 12.129.20.254192.168.1.2 ~ 192.168.1.2Always
Delete
Deny ForeDenySMTP [25]WANAnyAnyAlways
Delete

AllowAll Traffic [1]LANAnyAnyAlways

DenyAll Traffic [1]WANAnyAnyAlways

DenyAll Traffic [1]DMZAnyAnyAlways
Silver

RV042 and Forefront Online For Exchange

Gilbert, You can get rid of the #14 as it will be denied in the 2nd from last Deny WAN-Any-Any

Regards Simon
http://www.linksysinfo.org

Regards Simon http://www.linksysinfo.org
526
Views
15
Helpful
7
Replies