We are having a problem with a Cisco PIX Firewall 515 on a customer site. We have three interfaces on the PIX. We are configuring our mail server on the DMZ (the server in the DMZ needs to communicate with another mail server on the inside LAN). We can connect to the internet from the inside LAN properly, we can access the DMZ from the inside, and we can also ping it from the inside. We are also able to get to the DMZ from the outside for the Web Access application. The problem is that we can't access the inside or the outside from the DMZ. Also, we weren't able to access the DMZ from the inside until we used a conduit to permit it, though I know that traffic from a high security interface to a lower security interface doesn't need a conduit or an ACL. You can see that our customer is using a wrong address range for the inside interface, but they will take care of it later. I also know it is not recommended to use ACLs with conduits, but this is the only way it worked. I am posting my configuration below. Please advise us. Thanks.
Note: The software engineer who is handling the mail server asked us to turn off the mailguard feature for his application.