Email Access for three Cisco Firewall

Tang-Suan Tan
Level 1

Hi All :

Please see the picture of my client's email access in the attached file. Email access from the DMZ zone of the RTDB firewall to the Edge Network mapped IP address fails.

The funny thing is that access from part of the network is OK, as indicated separately: from the Servers Network to Edge, from the MIS Network to Edge, and also from DMZ to MIS.

The problem only happens with the required result, from DMZ to Edge.

What is the possible problem? Can anyone help, and is any information needed in order to help with this case?

Thanks and best regards,

tangsuan

3 Replies

Tang-Suan Tan
Level 1

Hi all :

Look at the inside network of the PP external firewall and the MIS (outside) network of the RTDB Firewall; they are separated by the MIS switch.

The security level of the inside network of the PP external firewall is 100 and the security level of the MIS (outside) is 0. Although they are separated into two VLANs, there is inter-VLAN routing between them by the switch.

Is it necessary to set these two networks to the same security level so that the traffic between them can flow properly between the two VLANs?

Please advise.

Besides that, are there any other concerns with this design?

Many thanks!

best regards,

tangsuan

Hi all :

I badly need help with this email access. In this design, I have loosened the access between the Outside (MIS) and DMZ of the RTDB Firewall, as below:

access-list DMZ-IN extended permit ip 10.30.30.0 255.255.255.0 any

access-list MIS-IN extended permit ip any 10.30.30.0 255.255.255.0   <--- this applies from Outside of RTDB firewall access to the DMZ

This morning I also tried to set the security level of the MIS to 80 and the security level of the MIS to 50 so that the MIS security level is the same as the Inside network of the PP External firewall.

The result of telnet 172.16.1.106 25 is still the same -- it does not work.

The MIS switch is a 3Com switch, which could be a problem. I will look for a way to bypass the switch and test again.

Does anybody have any suggestions on this problem?

Thanks!

Hi all :

This problem has been resolved after a lot of access rules were added and modified.

The access rules have to be cleared first and then the station has to open the port 25 from anti-virus software. One sentence can describe the whole problem but it needs days to do the job.

This discussion is closed.

Thanks and best regards,

tangsuan
