02-18-2003 10:47 AM - edited 02-20-2020 10:34 PM
I have multiple networks set up through my PIXes. I am having trouble configuring the PIX to allow mail to flow from a network with a lower security value to a network with higher security values. Mail flow from the higher security level networks is fine going to lower level security networks.
Any advice is greatly appreciated.
Security levels follow:
nameif ethernet0 out security0
nameif ethernet1 in1 security100
nameif ethernet2 in2 security90
nameif ethernet3 in3 security30
nameif ethernet5 in5 security25
nameif ethernet4 in4 security15
Regards
Corey
02-19-2003 01:00 PM
What protocol do you mean? Unix people would mean vanilla SMTP, while Windows Exchange people could mean a variety of things, depending on the Exchange architecture.
You need to use conduits or access lists to allow traffic to flow from lower to higher secure interfaces.
Matt
02-19-2003 01:24 PM
An access-list must be used anytime a lower security level interface needs to access resources through a higher level interface. You could create one access-list if mail is the only thing that needs to route between these interfaces.
access-list smtp permit tcp any host
Then you can apply that access list to each interface that needs to access mail.
access-group smtp in interface
02-19-2003 02:04 PM
I will give that a try. Thanks.
02-19-2003 02:25 PM
There are other factors that may come up. Mainly, NAT. If you are using NAT, you may have to create some static mappings between the interfaces, which will change the way the access lists work. Basically, you will have to have a different ACL for each interface pointing to the statically mapped IP address for that network and the mail server. It is hard to plan this without knowing your entire configuration.
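An added example, not written by any poster in this thread: it parses the `nameif` lines from the question, works out which interfaces sit below the mail server's interface, and builds the per-interface static, ACL and access-group lines the replies describe. The server interface `in3`, the address `192.168.30.25`, the `smtp_<interface>` ACL names and the identity static (no address change) are assumptions made for illustration.

```python
import re

# nameif lines as posted in the question
NAMEIF = """\
nameif ethernet0 out security0
nameif ethernet1 in1 security100
nameif ethernet2 in2 security90
nameif ethernet3 in3 security30
nameif ethernet5 in5 security25
nameif ethernet4 in4 security15
"""

def parse_nameif(text):
    """Return {interface_name: security_level} from PIX nameif lines."""
    pattern = r"^nameif\s+\S+\s+(\S+)\s+security(\d+)\s*$"
    return {m.group(1): int(m.group(2))
            for m in re.finditer(pattern, text, re.M)}

def lower_interfaces(levels, server_if):
    """Interfaces whose traffic toward server_if is denied by default,
    ordered from highest to lowest security level."""
    if server_if not in levels:
        raise ValueError(f"unknown interface: {server_if}")
    below = [n for n, lvl in levels.items() if lvl < levels[server_if]]
    return sorted(below, key=lambda n: -levels[n])

def smtp_commands(levels, server_if, server_ip):
    """Build one static + ACL + access-group per lower-security interface.
    Assumes an identity static: the server keeps its own address."""
    cmds = []
    for src in lower_interfaces(levels, server_if):
        acl = f"smtp_{src}"  # hypothetical ACL name, one per interface
        cmds += [
            f"static ({server_if},{src}) {server_ip} {server_ip} "
            "netmask 255.255.255.255",
            f"access-list {acl} permit tcp any host {server_ip} eq smtp",
            f"access-group {acl} in interface {src}",
        ]
    return cmds

if __name__ == "__main__":
    levels = parse_nameif(NAMEIF)
    # Assumed placement: mail server on in3 at a constructed address
    for line in smtp_commands(levels, "in3", "192.168.30.25"):
        print(line)
```

An ACL bound with `access-group` ends in an implicit deny, so once it is applied it governs all traffic entering that interface, including flows toward lower-security interfaces that were previously permitted by default. Add permit lines for anything else those networks still need before applying it.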