Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SMTP access to DMZ

Status
Not open for further replies.
psolis

psolis

MIS
Feb 28, 2002
47
US
what access-list do I need to set up to allow smtp access to my dmz? I set up an Exchange server and pointed the DNS records to the static Ip and I am able to send out mail but when someone replies to it, the mail gets lost in outer space. I believe that because the MX records are pointing to the static IP, the mail is getting dropped because I don't have SMTP access open on the PIX - does this sound correct?
 
Sort by date Sort by votes
access-list mail_in permit any host mail_srv eq 25
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
Upvote 0 Downvote
That didn't seem to work - don't I need an access list number like 100 or something and aren't I supposed to run a access-group command after that? Not sure but I thought I saw something like that.
 
Upvote 0 Downvote
Yeah .. you need an acces group command to apply it to the outside interface! Sorry, I presumed that you knew that!

access-group mail_in in interface outside

Also, substitute mail_srv for the IP address of your mail server, the global one.

So, traffic from anywhere is allowed in to the host mail_srv on port 25.

Chris.

************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
Upvote 0 Downvote
what I had done that didn't work for me in the sense that when I applied the access-group, I lost all access to surf the web.


access-list acl_out permit tcp any host 65.45.x.x eq smtp
access-group acl_out in interface outside


I found this on page 2-32 of the PIX Version 5.1 manual.
Didn't work

I noticed yours said mail_in where I had acl_out. Is this a version specific command or does it also work.
And most importsntly that I lost ability to surf the web - as if nat stopped working for the outside.
 
Upvote 0 Downvote
Chris - I just used
conduit permit tcp host 65.45.x.x eq smtp any
and it worked.

Tnanks for your help - I could still use your knowledge on the alis question I posted - Paul
 
Upvote 0 Downvote
The conduit statement does the same thing as the access list! Well done!!

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
681
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
594
Johnkite
Johnkite
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
726
Shmid
Shmid
sudhakar346
  • Locked
  • Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
157
kythri
kythri
gbayi_omo
  • Locked
  • Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
121
gbayi_omo
gbayi_omo

Part and Inventory Search

Sponsor

Back
Top