moving barracuda spam firewall to ASA DMZ

mipl45023
Level 1

Greetings, 

 

Is there a way to allow traffic from DMZ to inside for Exchange traffic? I have a Barracuda spam firewall that needs to be moved to the DMZ. The Barracuda does port forwarding to server b for 443, and SMTP traffic goes to server a and server b. The Barracuda in turn is NATted to a public IP and that is set to MX. The Barracuda is set to have an IP address which is internal to the DMZ network, which in turn would be NATted to a public IP address.

 

If I do static(inside,dmz)server a server a netmask 255.255.255.255, will it work so that the traffic from DMZ to inside goes to server a, which is an internal LAN IP address, and when traffic from inside goes to DMZ it goes as IP address server a and server b only?

 

The ASA is a 5505 and is running version 8.2.

 

Many thanks

1 Reply

jj27
Spotlight

Yes, you can do the static NAT statement you mentioned. You will also want to create an access-list for the DMZ interface and allow the Barracuda to communicate with your email server on what I'm assuming needs to be port 25.

If your Barracuda IP was 172.16.1.10 and your Exchange server was 192.168.1.10, your rule would be something like this:

static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255

access-list DMZ_in extended permit tcp host 172.16.1.10 host 192.168.1.10 eq 25
access-group DMZ_in in interface dmz
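
An added example, not part of the thread and not Cisco tooling: a Python check over ASA 8.2-style lines like those in the reply. It flags permits in the ACL bound inbound on dmz that reach the inside network without a single host and port, or without the identity static the reply pairs with the rule. The 192.168.1.0/24 inside range, the second server at 192.168.1.11 and the broad rule are constructed; deny lines and rule order are not modelled.

```python
import ipaddress

# Constructed sample: the reply's three lines plus two extra rules
# (an assumed second server and a deliberately broad permit).
SAMPLE_CONFIG = """\
static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
access-list DMZ_in extended permit tcp host 172.16.1.10 host 192.168.1.10 eq 25
access-list DMZ_in extended permit tcp host 172.16.1.10 host 192.168.1.11 eq 443
access-list DMZ_in extended permit ip 172.16.1.0 255.255.255.0 any
access-group DMZ_in in interface dmz
"""

def _take_addr(tok):
    """Consume one ASA address spec (any | host A | A MASK) from a token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(first + "/" + tok.pop(0))

def audit_dmz_acl(config, inside_net="192.168.1.0/24"):
    """Return (line, finding) pairs for permits in the ACL bound inbound on dmz."""
    inside = ipaddress.ip_network(inside_net)  # assumed inside range
    rows = [l.split() for l in config.splitlines() if l.strip()]
    acls = {r[1] for r in rows
            if r[0] == "access-group" and r[2:] == ["in", "interface", "dmz"]}
    # Inside hosts presented to the DMZ at their own address (identity static).
    statics = {r[2] for r in rows
               if r[:2] == ["static", "(inside,dmz)"] and len(r) == 6 and r[2] == r[3]}
    findings = []
    for r in rows:
        if r[:1] != ["access-list"] or r[1] not in acls or r[2:4] != ["extended", "permit"]:
            continue
        tok = r[5:]              # tokens after the protocol keyword
        _take_addr(tok)          # source spec, not evaluated here
        dst = _take_addr(tok)
        if not dst.overlaps(inside):
            continue             # rule does not touch the inside network
        line = " ".join(r)
        if dst.prefixlen != 32 or tok[:1] != ["eq"]:
            findings.append((line, "reaches inside without a single host and port"))
        elif str(dst.network_address) not in statics:
            findings.append((line, "no identity static (inside,dmz) for destination"))
    return findings

if __name__ == "__main__":
    for line, finding in audit_dmz_acl(SAMPLE_CONFIG):
        print(finding + ": " + line)
```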
