I would allow access to an Exchange server in Trusted network to DMZ

Nico Rosberg, Registered Users, Posts: 2

ASA 5510

Trusted network =
DMZ network =

IP address of Exchange Server =
IP address of Webserver =

Unused address in DMZ =

Current config entries related to DMZ:

interface Ethernet0/2
nameif dmz
security-level 50
ip address

access-list dmz extended deny ip any
access-list dmz extended permit ip any any

static (dmz,outside) xx.xx.xx.83 netmask

global (dmz) 10 interface

nat (dmz) 10

access-group dmz in interface dmz

I would like to add the following entries to enable the web server in the DMZ to access the Exchange server using SMTP:

static (inside,DMZ) netmask
access-list DMZ extended permit tcp host host eq smtp

Will this work? There should not be any violation related to "one ACL to one interface in one direction"; is that correct?
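
An added example, not part of the original post: a Python check over a candidate ASA configuration that reports ACLs that are defined but never bound with `access-group`, names that differ only by case from a bound ACL (ASA ACL names are case-sensitive, so `DMZ` and `dmz` are separate lists), and more than one ACL bound to the same interface and direction. The function name `audit_acl_bindings` and every address in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config: the addresses are placeholders, not values from the post.
SAMPLE_CONFIG = """\
access-list dmz extended deny ip any 192.168.1.0 255.255.255.0
access-list dmz extended permit ip any any
access-list DMZ extended permit tcp host 172.16.1.10 host 172.16.1.25 eq smtp
access-group dmz in interface dmz
"""

def audit_acl_bindings(config):
    """Return a list of findings about ACL names versus access-group bindings."""
    acl_entries = defaultdict(int)   # ACL name -> number of entries defined
    bindings = defaultdict(list)     # (interface, direction) -> bound ACL names
    for line in config.splitlines():
        m = re.match(r"\s*access-list\s+(\S+)\s+extended\s", line)
        if m:
            acl_entries[m.group(1)] += 1
            continue
        m = re.match(r"\s*access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)", line)
        if m:
            bindings[(m.group(3), m.group(2))].append(m.group(1))

    findings = []
    bound = {name for names in bindings.values() for name in names}
    for name in acl_entries:
        if name in bound:
            continue
        # Exact (case-sensitive) match failed; look for a bound near-twin.
        twins = sorted(b for b in bound if b.lower() == name.lower())
        if twins:
            findings.append(f"ACL '{name}' is not applied; it differs only by "
                            f"case from applied ACL '{twins[0]}'")
        else:
            findings.append(f"ACL '{name}' is not applied to any interface")
    for (iface, direction), names in bindings.items():
        if len(set(names)) > 1:
            findings.append(f"interface '{iface}' has more than one ACL bound "
                            f"'{direction}': {', '.join(names)}")
    for name in sorted(bound - acl_entries.keys()):
        findings.append(f"access-group references undefined ACL '{name}'")
    return findings

if __name__ == "__main__":
    for finding in audit_acl_bindings(SAMPLE_CONFIG):
        print(finding)
```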
