How to access port 25 from DMZ?

Status
Not open for further replies.

drmohlen

Technical User
Jan 12, 2006
50
GB
I was wondering if anyone would be able to tell me the easiest way of allowing an Apache web server with an IP address of 192.168.10.16, located on the DMZ, to send SMTP messages (port 25) to the Exchange server with an IP address of 192.168.1.26, located on the inside.

Many Thanks
 
Try this -
access-list DMZ-in permit tcp host [ApacheIP] host [ExchangeIP] eq 25
access-list DMZ-in deny tcp [DMZNetwork] [MASK] [internalNetwork] [MASK]
access-list DMZ-in permit ip any any
access-group in interface dmz
static (inside,dmz) tcp [ExchangeIP] 25 [ExchangeIP] 25 netmask 255.255.255.255



Brent
Systems Engineer / Consultant
CCNP, CCSP
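
The first-match evaluation of the DMZ-in list suggested above, as an added example that is not part of the original posts. It fills the placeholders with the addresses from the question, takes the two /24 networks from the WARNING output later in the thread, and uses constructed test flows; `evaluate`, `audit` and `FLOWS` are names made up for this sketch, and only the ACL decision is modelled, not the firewall's translation rules.

```python
import ipaddress

APACHE, EXCHANGE = "192.168.10.16", "192.168.1.26"   # addresses from the thread
DMZ_NET, INSIDE_NET = "192.168.10.0/24", "192.168.1.0/24"  # from the WARNING output

# DMZ-in as posted, placeholders filled in: (action, protocol, src, dst, dst port)
DMZ_IN = [
    ("permit", "tcp", APACHE + "/32", EXCHANGE + "/32", 25),
    ("deny",   "tcp", DMZ_NET,        INSIDE_NET,       None),
    ("permit", "ip",  "0.0.0.0/0",    "0.0.0.0/0",      None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number) for the first matching entry.

    Entry 0 means nothing matched and the implicit deny at the end applied.
    Only the ACL decision is modelled, not translation (static/nat) rules.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, a_proto, a_src, a_dst, a_port) in enumerate(acl, 1):
        if a_proto not in ("ip", proto):
            continue  # "ip" matches every protocol
        if src_ip not in ipaddress.ip_network(a_src):
            continue
        if dst_ip not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, number
    return "deny", 0

# Constructed test flows arriving on the dmz interface.
FLOWS = [
    ("tcp", APACHE, EXCHANGE, 25),            # the mail flow that was asked for
    ("tcp", APACHE, EXCHANGE, 445),           # same hosts, different port
    ("tcp", "192.168.10.20", EXCHANGE, 25),   # another DMZ host (constructed)
    ("udp", APACHE, EXCHANGE, 53),            # non-TCP traffic to the inside
    ("tcp", APACHE, "203.0.113.10", 80),      # outbound to a documentation address
]

def audit(acl=DMZ_IN, flows=FLOWS):
    """Evaluate every sample flow and return the list of (action, entry)."""
    return [evaluate(acl, *flow) for flow in flows]

if __name__ == "__main__":
    for flow, (action, number) in zip(FLOWS, audit()):
        print(f"{flow!s:50} -> {action:6} (entry {number})")
```

The UDP flow reaches the final `permit ip any any` because the second entry denies only TCP; writing that entry as `deny ip` would stop all DMZ-to-inside traffic other than the SMTP permit at the ACL.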
 
Thank you for answering my query. I am getting the following error messages for two lines of the code you sent me:

lukfw1(config)# access-group in interface dmz
^
ERROR: % Invalid input detected at '^' marker.

lukfw1(config)#static (inside,dmz) tcp 192.168.1.26 25 192.168.1.26 25 netmask 255.255.255.255
WARNING: real-address conflict with existing static
inside:192.168.1.0 to DMZ:192.168.10.0 netmask 255.255.255.0

Have you any idea, please?
 
What Pix OS version do you have?

That line should have read -
access-group DMZ-in in interface dmz

Can you post your scrubbed config (no passwords, and mask the middle 2 octets of the public IPs)?


Brent
Systems Engineer / Consultant
CCNP, CCSP
 