You just need to replace the

mrose300 · ‎07-30-2015

How do I allow access to my internal email server from the outside? I want to allow anyone to access the server on port 25. I know I need to configure the port forwarding for to allow access to the internal server address on port 25, but I'm unclear on the NAT configuration.

Internal server address is 10.8.2.3

Thanks

Dinesh Moudgil · ‎07-30-2015

Hi Mrose,

Here is a link that you can follow:-
Allow hosts on the Internet to access a webserver on the DMZ
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html

Look for step 2 : Configure NAT to Access Webserver from Internet

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

mrose300 · ‎07-30-2015

The email server is not in a DMZ (although it probably should be), but this should help. I will take a look and respond with any comments. thanks

mrose300 · ‎07-30-2015

How does this configuration change if the server is off the inside interface and not a DMZ? Can I just setup the object group to use the inside interface? What does the NAT statement look like then?

thanks

Dinesh Moudgil · ‎07-30-2015

You just need to replace the natting and access-list rules for DMZ to inside.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

mrose300 · ‎07-31-2015

This doesn't seem to work

ASA5505 and external access to email server on port 25