Solved: ESA to CES migration

RomarRoca00954 · ‎08-17-2021

Hi everyone, We are migrating cisco ESA to CES. We started manually mirroring the policies, HATs, RATS, Dictionaries, etc. My question is what are the prerequisites for the SMTP routes since the mail servers are hosted in a private IP addresses?

RomarRoca00954 · ‎08-17-2021

I will look into getting in touch with the engineer for the migration.

Yes, mail servers on-premise and yes thanks for confirming, that is also what I am looking into right now to make NAT entries for the internal mail servers.

View solution in original post

Ken Stieers · ‎08-17-2021

My guess is that you'll need to NAT and allow access to your on-prem boxes on port 25 from the IPs of your CES boxes.
Then the SMTP routes would be pointed to the external NAT ips.

RomarRoca00954 · ‎08-17-2021

Thanks Ken, this was also in my thought process. thanks for the input

dmccabej · ‎08-17-2021

Hello,

Normally, when you purchase Cloud Email Security (CES), you are assigned an engineer that will help you with the migration and transition from on-prem to cloud. They would be able to assist with setting this up and answering these types of questions.

What mail servers are you referring to? Do you mean your own local Exchange/SMTP server? If so, then you would need to set up NAT on your edge device so that CES would have connectivity to your mail server(s). The SMTP routes would be set to your public IP on port 25 which then translates on your edge device and is forwarded to your internal Exchange/SMTP.

Thanks!

-Dennis M.

RomarRoca00954 · ‎08-17-2021

I will look into getting in touch with the engineer for the migration.

Yes, mail servers on-premise and yes thanks for confirming, that is also what I am looking into right now to make NAT entries for the internal mail servers.