Cisco SMB Support Assistant
Modify Security for an Internal Mail Server




Introduction

This document explains how to modify your router security settings so that you can use an internal email server.





Requirements





Modify Security for an Internal Email Server

If you have an email server inside your network, you can modify the router security settings to allow inbound email traffic to reach it. This requires a firewall (ACL) rule and an address translation rule, as described in the sections below.

Note: You do not need to modify the firewall rules to allow users to communicate with an external email server.

Add an ACL Rule for Email Traffic

To create a firewall rule to allow email traffic, follow these steps:

  1. Open a web browser and type http://router-IP-address in the Address field. The router's IP address is the IP address that you entered in the LAN Addressing Worksheet (field L6A).

    Note: For further information about how to launch SDM, refer to Configure Your Router with Security Device Manager.

  2. Click Configure.

  3. Click the Firewall and ACL tab.

  4. Click Edit Firewall Policy/ACL.

  5. In the From interface, select your WAN interface and in the To interface select your LAN interface. Click Go.

  6. Click Returning Traffic.

  7. Follow these steps to allow incoming SMTP email traffic on TCP port 25:

    1. Next to Services, click Add > Insert After.

    2. Next to Select an action, choose Permit.

    3. Under Source Host/Network, choose Any IP Address.

    4. Under Destination Host/Network, choose Any IP Address.

    5. Under Protocol and Service, choose TCP.

    6. Under Destination Port, click the details button (...) and select smtp (25). Click OK to select the service, then click OK to confirm the rule.

  8. Follow these steps to allow incoming SMTP email traffic on TCP port 465:

    1. Next to Services, click Add > Insert After.

    2. Next to Select an action, choose Permit.

    3. Under Source Host/Network, choose Any IP Address.

    4. Under Destination Host/Network, choose Any IP Address.

    5. Under Protocol and Service, choose TCP.

    6. Under Destination Port, replace the word any with 465. Click OK to select the service, then click OK to confirm the rule.

Create an Address Translation Rule for Email Traffic

To create an Address Translation Rule to allow email traffic, follow these steps:

  1. Follow these steps to add an address translation rule for TCP port 25:

    1. Click the NAT tab.

    2. Click Add to add a new translation rule.

    3. At the Add Address Translation Rule screen, choose Static. Next to Direction, choose From inside to outside.

    4. Under Inside Interface(s), enter the internal IP address of your server that you entered in field F1 of the Internet Services worksheet.

    5. Under Outside Interface(s), enter the public IP address of your WAN connection.

    6. Under IP Address, check Redirect Port. Choose TCP and enter port number 25 in the Original Port and Translated Port fields.

    7. Click OK to confirm.

  2. Follow these steps to add an address translation rule for TCP port 465:

    1. Click Add to add a new translation rule.

    2. At the Add Address Translation Rule screen, choose Static.

    3. Next to Direction, choose From inside to outside.

    4. Under Inside Interface(s), enter the internal IP address of your server that you entered in field F1 of the Internet Services worksheet.

    5. Under Outside Interface(s), enter the public IP address of your WAN connection.

    6. Under IP Address, check Redirect Port. Choose TCP and enter port number 465 in the Original Port and Translated Port fields.

    7. Click OK to confirm.

  3. Click File > Write to Startup Config to save your configuration.
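
The following check is an added example, not part of the original Cisco document: a Python script that reads an IOS running-config excerpt and confirms that the two procedures above left a static NAT entry and an ACL permit for TCP ports 25 and 465, and reports permits whose destination is any. The sample config, its addresses (192.168.1.10, 203.0.113.5) and ACL number 101 are constructed placeholders; the CLI form that SDM writes on your router may differ.

```python
import re

# Constructed running-config excerpt (not from the original page). Addresses and
# the ACL number are placeholders for what the two procedures above produce.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.10 25 203.0.113.5 25 extendable
ip nat inside source static tcp 192.168.1.10 465 203.0.113.5 465 extendable
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 465
access-list 101 deny ip any any log
"""

MAIL_PORTS = (25, 465)
PORT_NAMES = {"smtp": 25}  # IOS prints well-known ports by name
ADDR = r"(any|host \S+|\S+ \S+)"  # any | host A.B.C.D | A.B.C.D wildcard
NAT_RE = re.compile(r"ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)")
ACL_RE = re.compile(rf"access-list \d+ permit tcp {ADDR} {ADDR} eq (\S+)")


def to_port(token):
    """Map an IOS port token (name or number) to an int, or None if unknown."""
    return int(token) if token.isdigit() else PORT_NAMES.get(token)


def audit(config):
    """Return a list of findings for the port 25/465 rules in a config excerpt."""
    forwards, permits, findings = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            forwards[int(m.group(4))] = (m.group(1), int(m.group(2)), m.group(3))
        elif m := ACL_RE.match(line):
            permits[to_port(m.group(3))] = m.group(2)
    for port in MAIL_PORTS:
        if port not in forwards:
            findings.append(f"port {port}: no static NAT entry")
        elif forwards[port][1] != port:
            findings.append(f"port {port}: translated to {forwards[port][1]}")
        if port not in permits:
            findings.append(f"port {port}: no ACL permit")
        elif permits[port] == "any" and port in forwards:
            # Assumption: the ACL is evaluated inbound on the WAN interface,
            # where packets still carry the public (pre-NAT) destination.
            findings.append(f"port {port}: permit matches any destination, "
                            f"not only {forwards[port][2]}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An empty result means both ports have a NAT entry and a permit whose destination is limited to a specific address.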





Next Step

You have now modified your router security settings for an internal email server.

To make further changes to your router, refer to the Router Support Page.

To set up other devices on your network, refer to the Configuration Overview page.





Troubleshoot the Procedure

Problem: I added a new firewall rule and I cannot access the router.

Cause(s) and Suggested Solution(s): Contact the SMB Technical Assistance Center (SMB TAC) for assistance.






© 1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.