Firewall Wizards mailing list archives
Webmail Server in DMZ
From: "Michael H" <af_pilot33 () hotmail com>
Date: Thu, 13 May 2004 16:53:53 -0700
Greetings,I'm setting up a dmz for the first time and would like to put a front end web mail server in the dmz to get another layer between my mail server and the outside world. I'm using the Cisco site www.cisco.com/warp/public/110/mailserver_dmz.html as my guide, but still have some questions.
Here is my network: Webmail Frontend Email 172.x.x.x Backend | A.B.C.D 10.x.x.x --------------PIX--------------InternetI need to pass traffic, obviously from the Frontend to the Backend server, to include https traffic. Here is my guess as to what I need:
static (dmz, outside) A.B.C.D 172.x.x.x netmask 255.255.255.255 0 0 static (inside, dmz) 172.x.x.x 10.x.x.x netmask 255.255.255.255 0 0 access-list dmz_https permit tcp any host A.B.C.D eq https access-list inside_https permit tcp any host 172.x.x.x eq https access-group dmz_https in interface outside access-group inside_https in interface dmzI would include any additional protocols in the dmz/inside https ACL necessary, but I'm wondering if my logic is sound. As I said, I'm new to having a dmz and not a pix guru by any means. Any input on how to do this or suggestions on better ways of accomplishing my task are greatly appreciated.
regards, Michael _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Webmail Server in DMZ Michael H (May 14)