MS Exchange: Configuring the firewall


Follow these steps to configure the firewall:

  1. Create static and access-list commands to permit the outside server access to the inside server via the global address in the firewall.

  2. For example:
    static (inside,outside) 209.165.201.5 192.168.42.2 0 0
    access-list acl_out permit tcp host 209.165.201.2 host 209.165.201.5 eq 139
    access-list acl_out permit udp host 209.165.201.2 host 209.165.201.5 eq 137
    access-list acl_out permit udp host 209.165.201.2 host 209.165.201.5 eq 138
    access-list acl_out permit tcp host 209.165.201.2 host 209.165.201.5 eq 135
    access-group acl_out in interface outside

    The static command statement permits the inside server, 192.168.42.2, to be accessible from the outside at global address 209.165.201.5. The access-list command statements give the outside server, 209.165.201.2, access to the inside server's global address, 209.165.201.5. Port 139 gives access to NetBIOS over TCP. Access to UDP ports 137 and 138 is also required.

    The last access-list command statement for TCP port 135 permits the outside server to come in via MSRPC (Microsoft Remote Procedure Call), which uses TCP.

    The access-group command statement binds the access-list command statements to the outside interface.

  3. The static command statement in Step 1 also allows outbound initiation, but needs an established command statement to allow back connections:
    established tcp 135 permitto tcp 1024-65535

    This command statement allows the RPC back connections from the outside host on all high ports (1024 through 65535) to deliver mail.

  4. Enter the syslog console command statement so that you can watch for messages after you configure the two servers.
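The following is an added, constructed model of how the rule set in Steps 1 through 3 decides a packet; it is not Cisco code and not part of the original page. It assumes the `established` statement is satisfied by the inside server's own outbound TCP/135 connection to the outside host (as Step 3 describes), and the packet walk and its port 5000 back connection are constructed:

```python
from dataclasses import dataclass, field

STATIC = {"209.165.201.5": "192.168.42.2"}  # global address -> inside address (static line)
ACL_OUT = {  # (proto, src, dst, dport) transcribed from the access-list lines
    ("tcp", "209.165.201.2", "209.165.201.5", 139),
    ("udp", "209.165.201.2", "209.165.201.5", 137),
    ("udp", "209.165.201.2", "209.165.201.5", 138),
    ("tcp", "209.165.201.2", "209.165.201.5", 135),
}
# established tcp 135 permitto tcp 1024-65535
EST_PROTO, EST_DPORT, BACK_PROTO, BACK_RANGE = "tcp", 135, "tcp", (1024, 65535)


@dataclass
class Pix:
    """Constructed model (not Cisco code): remembers outbound connections for 'established'."""
    outbound: set = field(default_factory=set)  # (proto, outside_host, dport)

    def outbound_conn(self, proto, inside_src, outside_dst, dport):
        """Inside host opens a connection through the static; record it."""
        if inside_src not in STATIC.values():
            return "deny"
        self.outbound.add((proto, outside_dst, dport))
        return "permit"

    def inbound_conn(self, proto, outside_src, global_dst, dport):
        """Packet arriving on the outside interface: ACL first, then back connections."""
        if global_dst not in STATIC:
            return "deny"  # no static translates this address
        if (proto, outside_src, global_dst, dport) in ACL_OUT:
            return "permit"
        lo, hi = BACK_RANGE
        if (proto == BACK_PROTO and lo <= dport <= hi
                and (EST_PROTO, outside_src, EST_DPORT) in self.outbound):
            return "permit-established"  # RPC back connection from the same outside host
        return "deny"


def walk():
    """Constructed packet walk: which flows the page's rule set admits, in order."""
    fw = Pix()
    return {
        "netbios_in": fw.inbound_conn("tcp", "209.165.201.2", "209.165.201.5", 139),
        "back_before_rpc": fw.inbound_conn("tcp", "209.165.201.2", "209.165.201.5", 5000),
        "rpc_out": fw.outbound_conn("tcp", "192.168.42.2", "209.165.201.2", 135),
        "back_after_rpc": fw.inbound_conn("tcp", "209.165.201.2", "209.165.201.5", 5000),
        "other_host": fw.inbound_conn("tcp", "209.165.201.9", "209.165.201.5", 139),
    }
```

The walk makes the exposure explicit: a high-port connection from the outside host is denied until the TCP/135 connection exists, after which the established statement admits every port in 1024-65535 from that host, so the syslog output from Step 4 is where you confirm only the expected back connections appear.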