Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
0
Helpful
3
Replies

SMTP topology

Go to solution
vavij
Level 1
Level 1

‎11-05-2011 05:20 AM - edited ‎03-11-2019 02:46 PM

Hi  All,

I  have queries regarding network topology when baracuda and smtp server  are deployed in the network.

exchange  server------(2.1)-ROUTER(3.1)---------(3.2)BARACUDA(4.1)-------4.2)ASA(200.1.1.1)------OUTSIDE

(192.168.2.10)                                                            (192.168.4.1)

static (inside, outside ) tcp interface smtp 192.168.4.1  smtp netmask 255.255.255.255

nat (inside) 1 192.168.2.0 255.255.255.0

global  (inside) 1 interface 

access-list outin extended permit tcp any host  200.1.1.1 eq smtp  

192.168.4.1 is baracuda ip and 192.168.2.10 is exchange  server ip.

My  query is, if baracuda is smtp gateway for exchange server and ASA is  default gateway for exchange server, is this configuration correct ?

Second  query is that its seen cutomers configure that mails from outside come  to baracuda but when mails go to outside it bypass baracuda. So do we  have to some configuration changes or is it these servers setting.

Third query  is in which cases baracuda server being smtp gateway is located at  outside of ASA and what changes will be in the configuation in that case

Any help  would be appreciated.

Thanks in advance.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
zulqurnain
Level 3
Level 3

‎11-06-2011 06:44 AM

Barracuda can be the smtp gateway but exchange server gateway can be the internal router as long as the router knows how to forward traffic to outside through barracuda.

You can configure it as you like but if one want to barracuda to send mails outside then you would have to configure exchange server with relay host configuration.

Practically it is not a good practice to put barracuda outside ASA as barracuda is a smtp gateway not a perimeter security devices which can filter traffic based on rules and allow and block.

HTH

Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful

Go to solution
zulqurnain
Level 3
Level 3
In response to vavij

‎11-06-2011 10:15 AM

static (inside,outside) tcp (public ip-address) 25 (internal server ip-address) 25 netmask 255.255.255.255

Access-list out-in extended permit tcp host any (public ip-address used above) eq 25

Access-group out-in in interface outside

Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
3 Replies 3

Go to solution
zulqurnain
Level 3
Level 3

‎11-06-2011 06:44 AM

Barracuda can be the smtp gateway but exchange server gateway can be the internal router as long as the router knows how to forward traffic to outside through barracuda.

You can configure it as you like but if one want to barracuda to send mails outside then you would have to configure exchange server with relay host configuration.

Practically it is not a good practice to put barracuda outside ASA as barracuda is a smtp gateway not a perimeter security devices which can filter traffic based on rules and allow and block.

HTH

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
vavij
Level 1
Level 1
In response to zulqurnain

‎11-06-2011 06:58 AM

Thanks for your reply.

One more question, is the configuration above correct for the inbound and outbound flow of mails?

0 Helpful

Go to solution
zulqurnain
Level 3
Level 3
In response to vavij

‎11-06-2011 10:15 AM

static (inside,outside) tcp (public ip-address) 25 (internal server ip-address) 25 netmask 255.255.255.255

Access-list out-in extended permit tcp host any (public ip-address used above) eq 25

Access-group out-in in interface outside

Sent from Cisco Technical Support iPad App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card