Config proxy email server outbound route?
itdaddy
Sorry, I mean I have an ASA 5505 and cannot figure out how to route from inside to a proxy email server, outbound SMTP?
Okay, hey guys. I have no clue how to config my inside email server (Exchange 2003)
to route outbound traffic to my outbound.mailhop.org address. Everything else is working, but for the life of me I have no clue what to write where. What port, and inside or outside?
access-list outside_in extended permit tcp any any eq www
access-list outside_in extended permit tcp any interface outside eq smtp
access-list outside_in extended permit tcp any interface outside eq https
access-list outside_in extended permit tcp any interface outside eq 444
access-list outside_in extended permit tcp any interface outside eq 48944
access-list outside_in extended permit tcp any interface outside eq ssh
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended deny ip any any log
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 48944 192.168.15.8 48944 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.15.40 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.15.40 https netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.15.41 444 netmask 255.255.255.255
access-group outside_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:
Comments
itdaddy
Okay, maybe I can explain it this way.
Okay, I have an Exchange Server 2003 behind my ASA 5505. It is not in a DMZ. I am not using a DMZ... why? I don't see a need to right now, but later I want to make one.
So my servers are behind the ASA 5505. I have my web server and incoming SMTP email working great, but my outgoing traffic from within my LAN is not traversing out the inside_in side of my ASA.
I cannot get it right to config an access-group from inside_in to, what, the outside interface? Or the inside_in... not sure why traffic isn't allowed to just go out by default. All other traffic is allowed?
So again, I have a proxy email server on the WAN side, out on the internet, that I want my internal email server to send outbound SMTP traffic to. How in the heck do I write the ACL and access group, and in what orientation? inside_in or what? Thanks
Robert
P.S. Even if you have a good example book... I have only books that use a DMZ. I know I can
config it from within my LAN to outside... at least I think I should be able to??