
Help With PIX Firewall and BARRACUDA


Post by Fozzie2121 » Tue Feb 16, 2010 5:07 pm

We are adding a Barracuda spam filter to our email system. We are also running Exchange 2003 and have all of our users accessing webmail through AAAA.AAA.com, in addition to devices which require IMAP support pointing to the same AAAA.AAA.com... which also happens to be where our MX record points.

Because of webmail support and the IMAP devices, we need to maintain AAAA.AAA.COM to allow our users to continue to access the webmail, etc. without changing the address they are currently using.

Now BARRACUDA say we need to do a port forward of our INBOUND MAIL to the BARRACUDA, but that forward in our firewall points to the external address for AAAA.AAA.COM as well as directly to our mail server.

Here is a sample of the config of our Cisco PIX:

access-list acl_outside permit icmp any any echo-reply
access-list acl_outside permit icmp any any time-exceeded
access-list acl_outside permit icmp any any unreachable
access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq smtp
access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq pop3 <----------------------------
access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq www
access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq https
access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq imap4
access-list acl_outside permit tcp any host XXX.XXX.XXX.139 eq 993

static (inside,outside) XXX.XXX.XXX.139 XXX.XXX.XXX.4 netmask 255.255.255.255 0 0

Here is my thought process... am I overthinking it? Is there a better way? I am assuming the entry above with the arrow is my current port forward.

1. Add a new DNS record (perhaps AAAA2.AAAA.com) which points to a different external IP address
2. Add new NAT translations to our network so the new external IP address points to our Barracuda
3. Change our MX record to point to the new external address (AAAA2.AAAA.com) instead of the existing AAA.AAAAA.com
4. Keep AAA.AAAA.com and existing NAT translations the same so webmail and IMAP still work

Thank you for your help in advance
Fozzie2121
 

Re: Help With PIX Firewall and BARRACUDA

Post by chicagotech » Tue Feb 16, 2010 5:52 pm

Sure, I don't see any problem with creating aaa2.aaa.com for the MX record. We just had a similar case. We used to have OWA as front-end Exchange and back-end Exchange. The MX record pointed to OWA. Now, we have just added a Vircom. We created an A record and an MX record pointing to the Vircom while users still access the OWA. Please post back if you do experience any issues.
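Step 4 of the plan in the thread keeps the existing rules unchanged, which would leave the "eq smtp" permit to the mail server's address in place, so senders that ignore the MX record could still deliver to Exchange without passing the Barracuda. The following added example (not part of the thread, and not Cisco or Barracuda code) parses PIX 6.x style access-list and static lines like those posted above and lists inbound SMTP paths that end on a host other than the spam filter. The addresses are constructed documentation values and the function names are hypothetical.

```python
import re

# Constructed PIX 6.x style config after the planned change (documentation
# addresses, not the poster's): .139 -> mail server, .140 -> spam filter.
SAMPLE = """\
access-list acl_outside permit tcp any host 203.0.113.139 eq smtp
access-list acl_outside permit tcp any host 203.0.113.139 eq https
access-list acl_outside permit tcp any host 203.0.113.139 eq imap4
access-list acl_outside permit tcp any host 203.0.113.140 eq smtp
static (inside,outside) 203.0.113.139 192.168.1.4 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.140 192.168.1.5 netmask 255.255.255.255 0 0
"""

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(\S+)")
STATIC_RE = re.compile(r"^static\s+\(inside,outside\)\s+(\S+)\s+(\S+)")
SMTP = {"smtp", "25"}  # PIX accepts the service name or the port number


def inbound_smtp_paths(config, acl="acl_outside"):
    """Return sorted (outside_ip, inside_ip) pairs open to TCP/25 from any source."""
    nat, smtp_hosts = {}, set()
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_RE.match(line)
        if m:
            nat[m.group(1)] = m.group(2)  # outside address -> inside host
            continue
        m = ACL_RE.match(line)
        if m and m.group(1) == acl and m.group(3) in SMTP:
            smtp_hosts.add(m.group(2))
    # A permit with no matching static has no inside target, so it is skipped.
    return sorted((ext, nat[ext]) for ext in smtp_hosts if ext in nat)


def filter_bypasses(config, filter_inside_ip):
    """SMTP paths that land on a host other than the spam filter."""
    return [p for p in inbound_smtp_paths(config) if p[1] != filter_inside_ip]


if __name__ == "__main__":
    for ext, inside in filter_bypasses(SAMPLE, "192.168.1.5"):
        print(f"SMTP still open on {ext} -> {inside}; mail can skip the filter")
```

Once the new MX record has propagated and mail is flowing through the filter, removing the reported permit line closes the direct path while leaving the webmail and IMAP permits untouched.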