Cisco Cisco Email Security Appliance C680 User Guide

You may want to review all features of the appliance prior to installing. 

 provides an overview of all functions available on the appliance that may affect the 

placement of the Cisco IronPort appliance within your infrastructure.

Most customers’ network configurations are represented in the following scenarios. If your network 
configuration varies significantly and you would like assistance planning an installation, please contact 
Cisco IronPort Customer Support (see 

).

The following figure shows the typical placement of the Cisco IronPort appliance in an enterprise 
network environment: 

In some scenarios, the Cisco IronPort appliance resides inside the network “DMZ,” in which case an 
additional firewall sits between the Cisco IronPort appliance and the groupware server.

The following network scenarios are described:

Behind the Firewall (see 

)

Choose the configuration that best matches your infrastructure. Then proceed to the next section, 

Incoming mail is accepted for the local domains you specify. (See ) 

All other domains are rejected. 

External systems connect directly to the Cisco IronPort appliance to transmit email for the local 
domains, and the Cisco IronPort appliance relays the mail to the appropriate groupware servers (for 
example, Exchange™, Groupwise™, Domino™) via SMTP routes. (See “Routing Email for Local 
Domains” in the Cisco IronPort AsyncOS for Email Advanced Configuration Guide.) 

Outgoing mail sent by internal users is routed by the groupware server to the Cisco IronPort 
appliance. 

The Cisco IronPort appliance accepts outbound email based on settings in the Host Access Table for 
the private listener. (For more information, see 

.) 

Only one of the available Ethernet interfaces on the Cisco IronPort appliance is required in these 
configurations. However, you can configure two Ethernet interfaces and segregate your internal 
network from your external Internet network connection.