Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

SMTP Access Rule through ASA-5510

  • Filter
  • Time
  • Show
Clear All
new posts

  • SMTP Access Rule through ASA-5510

    I have a single public IP and I want to host our email server in-house. I have already advised our ISP for the MX record to point to our public IP. I have done exchange settings properly but i still need to set up my 5510 to allow SMTP traffic both inbound and outbound.

    I do not know CLI. If anyone can please advise me through ASDM, i would really be greatful.

    Thanks in advance.

  • #2
    Re: SMTP Access Rule through ASA-5510

    static (inside,outside) <OUTSIDEIP> <INSIDEIP> netmask

    this assumes your interfaces are named "inside" and "outside"


    • #3
      Re: SMTP Access Rule through ASA-5510

      My interfaces are INTERNAL, EXTERNAL and MANAGEMENT.

      Please guide me in setting up EXTERNAL to allow SMTP traffic routed directly to my EXCHANGE SERVER via the server's IP ADDRESS.



      • #4
        Re: SMTP Access Rule through ASA-5510

        Hi Garen! looks like you've forgotten about me already.

        i tried to do that but i get an error that static gets;

        ERROR: Invalid input detected.

        here is my running config

        : Saved
        ASA Version 7.0(
        hostname SOLB-ASA5510
        domain-name domain_name
        enable password /XyfdNoOJG2liQmo encrypted
        passwd 2KFQnbNIdI.2KYOU encrypted
        interface Ethernet0/0
        nameif EXTERNAL
        security-level 50
        ip address if_ip
        interface Ethernet0/1
        nameif INTERNAL
        security-level 100
        ip address if_ip
        interface Ethernet0/2
        no nameif
        no security-level
        no ip address
        interface Management0/0
        nameif management
        security-level 100
        ip address
        ftp mode passive
        access-list INTERNAL_access_in extended permit ip any any
        access-list EXTERNAL_access_out extended permit ip interface EXTERNAL any
        pager lines 24
        logging asdm informational
        mtu EXTERNAL 1500
        mtu INTERNAL 1500
        mtu management 1500
        icmp permit any INTERNAL
        asdm image disk0:/asdm-508.bin
        no asdm history enable
        arp timeout 14400
        global (EXTERNAL) 10 interface
        nat (INTERNAL) 10
        nat (management) 10
        access-group EXTERNAL_access_in in interface EXTERNAL
        access-group EXTERNAL_access_out out interface EXTERNAL
        access-group INTERNAL_access_in in interface INTERNAL
        access-group INTERNAL_access_out out interface INTERNAL
        route EXTERNAL gateway_ip 1
        timeout xlate 3:00:00
        timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
        timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
        timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
        timeout uauth 0:05:00 absolute
        username username password 87fcgQ80XZp7LcFH encrypted privilege 15
        aaa authentication telnet console LOCAL
        aaa authentication enable console LOCAL
        aaa authentication ssh console LOCAL
        aaa authorization command LOCAL
        http server enable
        http private_ip INTERNAL
        http management
        no snmp-server location
        no snmp-server contact
        snmp-server enable traps snmp authentication linkup linkdown coldstart
        crypto ipsec security-association lifetime seconds 28800
        crypto ipsec security-association lifetime kilobytes 4608000
        telnet management
        telnet timeout 5
        ssh management
        ssh timeout 5
        console timeout 0
        dhcpd address management
        dhcpd lease 3600
        dhcpd ping_timeout 50
        dhcpd enable management
        class-map inspection_default
        match default-inspection-traffic
        policy-map global_policy
        class inspection_default
        inspect dns maximum-length 512
        inspect ftp
        inspect h323 h225
        inspect h323 ras
        inspect rsh
        inspect rtsp
        inspect esmtp
        inspect sqlnet
        inspect skinny
        inspect sunrpc
        inspect xdmcp
        inspect sip
        inspect netbios
        inspect tftp
        service-policy global_policy global
        : end


        • #5
          Re: SMTP Access Rule through ASA-5510

          Try "static (inside,outside) tcp interface smtp <inside> smtp netmask"