Email Proxy

[LOSTBALL]

Hi,

I want to know if it is possible setup email proxy on a Cisco 506E firewall. Since the internal mail server has not got its own public IP address, the way we have been able to do this in the past using a GTA Robox firewall is to enable the emial proxy feature withing the fire. All that was required was the IP address of our internal mail server.

Any help would be appreciated

 

[JCDugas]

You need to assign a public address to your email server using the static command and then allow traffic to that server via port 25 using access-lists.

example:

access-list acl_outside permit tcp any host xxx.xxx.xxx.xxx eq smtp
static (inside,outside) xxx.xxx.xxx.xxx 192.168.x.x netmask 255.255.255.255 0 0
access-group acl_outside in interface outside

This first line sets up the access-list called acl_outside (you can call it anything)
The second line is doing the NAT, it NAT's the public address, xxx.xxx.xxx.xxx, to the internal address of your email server 192.168.xxx.xxx (whatever your private address may be.)
The third line applies the access-list or group called acl_outside to the outside interface, allow port 25 traffic address to the public address through to the private address.

I hope this is what you were looking for.

Jeremy

 

[LOSTBALL]

Hi,

Thanks for the tip. I tried this but I must be doing something simply wrong becuase I can get SMTP traffice inside the network. I will post the problem as a new thread.


Thanks.

 

[JCDugas]

What are the names of your interfaces?

 

[LOSTBALL]

Hi JCD,

I have managed to fix the problem. it seems the NAT configuration was wrong. I set the firewall so that mail is delivered to the firewall external interface, then I had to to a NAT to deliver the mail to my internal mail server on port 25.
In in all a good day since the VPN over GPRS is also up and running.

Thanks and keep up the good work.