Firewall Wizards mailing list archives

Webmail Server in DMZ


From: "Michael H" <af_pilot33 () hotmail com>
Date: Thu, 13 May 2004 16:53:53 -0700

Greetings,

I'm setting up a dmz for the first time and would like to put a front end web mail server in the dmz to get another layer between my mail server and the outside world. I'm using the Cisco site www.cisco.com/warp/public/110/mailserver_dmz.html as my guide, but still have some questions.

Here is my network:
                        Webmail
                        Frontend
Email                  172.x.x.x
Backend                  |                A.B.C.D
10.x.x.x   --------------PIX--------------Internet


I need to pass traffic, obviously from the Frontend to the Backend server, to include https traffic. Here is my guess as to what I need:

static (dmz, outside) A.B.C.D 172.x.x.x netmask 255.255.255.255 0 0
static (inside, dmz) 172.x.x.x 10.x.x.x netmask 255.255.255.255 0 0

access-list dmz_https permit tcp any host A.B.C.D eq https
access-list inside_https permit tcp any host 172.x.x.x eq https

access-group dmz_https in interface outside
access-group inside_https in interface dmz

I would include any additional protocols in the dmz/inside https ACL necessary, but I'm wondering if my logic is sound. As I said, I'm new to having a dmz and not a pix guru by any means. Any input on how to do this or suggestions on better ways of accomplishing my task are greatly appreciated.

regards,
Michael


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
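
Added example (not part of the original post or the Cisco guide): a small Python check of the relationship the question turns on, that a PIX 6.x-style `static (real_if,mapped_if) mapped_ip real_ip` and the ACL bound to the mapped interface refer to the same address. The sample config, its addresses and the deliberate mismatch in it are constructed; treating `outside` as the only interface where an `any` source is expected is an assumption.

```python
import re

# Constructed sample (PIX 6.x-style syntax); addresses are placeholders and the
# second ACL deliberately names the real address to show a mismatch.
SAMPLE = """\
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255 0 0
static (inside,dmz) 172.16.1.25 10.1.1.25 netmask 255.255.255.255 0 0
access-list dmz_https permit tcp any host 192.0.2.10 eq https
access-list inside_https permit tcp any host 10.1.1.25 eq https
access-group dmz_https in interface outside
access-group inside_https in interface dmz
"""

# static (real_if,mapped_if) mapped_ip real_ip ...
STATIC = re.compile(r"static \((\w+),\s*(\w+)\) (\S+) (\S+)")
ACE = re.compile(r"access-list (\S+) permit tcp (any|host \S+) host (\S+) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\w+)")

def lint(config):
    """Return findings where static, access-list and access-group disagree."""
    mapped, real, aces, groups, findings = {}, {}, {}, [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            _real_if, mapped_if, mapped_ip, real_ip = m.groups()
            mapped.setdefault(mapped_if, set()).add(mapped_ip)  # addresses visible on mapped_if
            real[real_ip] = mapped_ip
        elif m := ACE.match(line):
            aces.setdefault(m[1], []).append((m[2], m[3]))      # (source, destination host)
        elif m := GROUP.match(line):
            groups.append((m[1], m[2]))                         # (acl name, interface)
    for acl, ifname in groups:
        if acl not in aces:
            findings.append(f"{acl}: bound to {ifname} but never defined")
        for src, dst in aces.get(acl, []):
            visible = mapped.get(ifname, set())
            if dst in real and dst not in visible:
                findings.append(f"{acl}: {dst} is a real address; hosts on {ifname} see {real[dst]}")
            elif dst not in visible:
                findings.append(f"{acl}: no static maps {dst} onto {ifname}")
            # Assumption: only the Internet-facing ACL should accept any source.
            if src == "any" and ifname != "outside":
                findings.append(f"{acl}: source 'any' on {ifname}; name the front-end host")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```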

