Mail server at DMZ

eppiet
Level 1

If I have an access-list like this:

access-list mail permit tcp any any eq smtp

access-list mail permit tcp any any eq pop3

Do I need to have another access-list to permit smtp and pop3 to and from my mail server located at the DMZ?

3 Replies

wmartini
Level 1

In a normal situation, it will not be necessary.

Under what situation do I need it? I do have an access-list that is applied to the dmz interface to allow smtp and pop3 in.

If you have that access-list on your outside interface and NAT is working correctly, you will not need to specifically allow the traffic in your DMZ interface. The ASA (adaptive security algorithm) will know to let the traffic back in the DMZ interface regardless of what the access-list there says. In fact, even an explicit Deny statement would not stop the traffic.
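
Added example, not part of the thread and not Cisco code: a simplified Python model of the stateful behaviour described in the reply above, where packets belonging to an existing connection are matched against the connection table and never reach the interface ACL. The interface names, addresses, ACL contents and the `Firewall`, `Packet` and `demo` names are constructed for illustration, and NAT is left out of the model.

```python
# Simplified model of stateful inspection (added example, not Cisco code).
# Interface names, addresses and ACL contents below are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    in_if: str      # interface the packet arrives on
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Firewall:
    acls: dict                      # interface -> list of (action, dport or None)
    conns: set = field(default_factory=set)

    def _acl_permits(self, pkt):
        # First matching entry wins; an interface ACL ends in an implicit deny.
        for action, dport in self.acls.get(pkt.in_if, []):
            if dport is None or dport == pkt.dport:
                return action == "permit"
        return False

    def handle(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. Packets of an existing connection skip the ACL check.
        if flow in self.conns or reverse in self.conns:
            return "pass (existing connection)"
        # 2. Only the first packet of a new flow is checked against the ACL.
        if self._acl_permits(pkt):
            self.conns.add(flow)
            return "pass (ACL permit, connection created)"
        return "drop (ACL deny)"

def demo():
    fw = Firewall(acls={
        "outside": [("permit", 25), ("permit", 110)],   # the "mail" ACL
        "dmz": [("deny", None)],                        # explicit deny any
    })
    syn = Packet("outside", "198.51.100.7", 40000, "192.0.2.25", 25)
    reply = Packet("dmz", "192.0.2.25", 25, "198.51.100.7", 40000)
    # A brand-new flow started from the DMZ is not return traffic.
    new_out = Packet("dmz", "192.0.2.25", 41000, "198.51.100.9", 25)
    return [fw.handle(syn), fw.handle(reply), fw.handle(new_out)]
```

In this model the server's reply passes even though the DMZ ACL is an explicit deny, while a connection the server initiates itself is a new flow and is evaluated against the DMZ ACL.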
