Cisco 2600 SMTP Access List....need advice

SCORP69SCORP
Level 1

I have a 2600 router on the edge of my network...connected to a DSL line...dynamic IP handled by DYNDNS service.

I am running a Windows 2003 server with Exchange 2003 on it...

I have the following lines in my config file :

ip nat inside source static tcp 192.168.0.10 25 interface Dialer0 25

access-list 104 permit tcp any any eq smtp  (104 is the Dialer0 outside interface)

am I missing any access-list entries?

ATTACHED IS MY CONFIG FILE

5 Replies

Hi,

   Your configuration looks good to me. It's for incoming SMTP traffic from outside to inside. However, I didn't see you inspect SMTP for outgoing mails from inside to outside.

HTH,

Toshi

So can you tell me what I may be missing....what lines do I need to add?

Hi David,

The conf looks ok. ACLs configuration purely depends upon your business requirements.

But, couple of comments...

1. Try to be as specific as possible in ACLs (I meant instead of allowing any any eq 25, pls do it for specific mail server ip)

2. I have seen a separate interface for DMZ Zone where we generally put the servers facing outside. You may move your e-mail server facing outside to DMZ interface.

Regards...

-Ashok.


With best regards...
Ashok
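
Ashok's first point (avoid `any any eq 25`), as an added example that is not part of the original thread: a small Python check that reads IOS config lines, finds `permit tcp` entries whose destination is `any`, and ties each one to the static NAT forward it exposes. The sample input reuses the two lines quoted in the question; the narrower entry and its 203.0.113.5 address are constructed.

```python
import re

# IOS shows well-known ports as keywords; only the few needed here are mapped.
PORT_NAMES = {"smtp": 25, "www": 80, "pop3": 110}
NAT_RE = re.compile(r"^ip nat inside source static tcp (\S+) \d+ interface \S+ (\d+)")
ACL_RE = re.compile(r"^access-list (\d+) permit tcp (.+?) eq (\S+)")


def split_endpoints(spec):
    """Split 'any any' / 'any host 1.2.3.4' / '10.0.0.0 0.0.0.255 any' into [src, dst]."""
    tokens, ends, i = spec.split(), [], 0
    while i < len(tokens):
        width = 1 if tokens[i] == "any" else 2   # 'host X' and 'X wildcard' take two tokens
        ends.append(" ".join(tokens[i:i + width]))
        i += width
    return ends


def audit(config):
    """Return one finding per 'permit tcp ... eq <port>' entry whose destination is 'any'."""
    lines = [line.strip() for line in config.splitlines()]
    forwards = {}                                  # outside port -> inside host
    for line in lines:
        m = NAT_RE.match(line)
        if m:
            forwards[int(m.group(2))] = m.group(1)
    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        if not m:
            continue
        ends = split_endpoints(m.group(2))
        tok = m.group(3)
        port = PORT_NAMES.get(tok, int(tok) if tok.isdigit() else None)
        if len(ends) == 2 and ends[1] == "any":
            findings.append({"acl": m.group(1), "port": port, "source": ends[0],
                             "forwarded_to": forwards.get(port)})
    return findings


# The two lines quoted in the question, plus a constructed narrower entry
# (203.0.113.5 is a documentation address, not from the thread).
SAMPLE = """\
ip nat inside source static tcp 192.168.0.10 25 interface Dialer0 25
access-list 104 permit tcp any any eq smtp
access-list 104 permit tcp any host 203.0.113.5 eq smtp
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

An inbound ACL on the outside interface is evaluated before the NAT translation, so the destination it matches is the router's public address rather than 192.168.0.10.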

SCORP69SCORP
Level 1

Unfortunately I do not have a DMZ...my server is on my LAN.

I know a DMZ would be the normal way to set it up..but this way should still work.

Am I missing an ACL for SMTP inside to outside that I need to configure...if so can you give me some help with that.

I am still learning cisco stuff.

thanks

Hi,

    You just add "ip inspect name SDM_LOW smtp" on it.

HTH,

Toshi