Cisco Cisco Email Security Appliance C650 Guía Del Usuario
3-4
Cisco AsyncOS 8.0 for Email User Guide
Chapter 3 Setup and Installation
Physically Connecting the Cisco Appliance to the Network
Advanced Configurations
In addition to the configurations shown in
and
, you can also configure:
•
Multiple Cisco appliances using the Centralized Management feature. See
•
Redundancy at the network interface card level by “teaming” two of the Ethernet interfaces on Cisco
appliances using the NIC Pairing feature. See
appliances using the NIC Pairing feature. See
Firewall Settings (NAT, Ports)
SMTP and DNS services must have access to the Internet. Other services may also require open firewall
ports. For details, see
ports. For details, see
Physically Connecting the Cisco Appliance to the Network
Configuration Scenarios
The typical configuration scenario for the Cisco appliance is as follows:
•
Interfaces - Only one of the three available Ethernet interfaces on the Cisco appliance is required
for most network environments. However, you can configure two Ethernet interfaces and segregate
your internal network from your external Internet network connection.
for most network environments. However, you can configure two Ethernet interfaces and segregate
your internal network from your external Internet network connection.
•
Public Listener (incoming email) - The public listener receives connections from many external
hosts and directs messages to a limited number of internal groupware servers.
hosts and directs messages to a limited number of internal groupware servers.
–
Accepts connections from external mail hosts based on settings in the Host Access Table (HAT).
By default, the HAT is configured to ACCEPT connections from all external mail hosts.
By default, the HAT is configured to ACCEPT connections from all external mail hosts.
–
Accepts incoming mail only if it is addressed for the local domains specified in the Recipient
Access Table (RAT). All other domains are rejected.
Access Table (RAT). All other domains are rejected.
–
Relays mail to the appropriate internal groupware server, as defined by SMTP Routes.
•
Private Listener (outgoing email) - The private listener receives connections from a limited
number of internal groupware servers and directs messages to many external mail hosts.
number of internal groupware servers and directs messages to many external mail hosts.
–
Internal groupware servers are configured to route outgoing mail to the Cisco C- or X-Series
appliance.
appliance.
–
The Cisco appliance accepts connections from internal groupware servers based on settings in
the HAT. By default, the HAT is configured to RELAY connections from all internal mail hosts.
the HAT. By default, the HAT is configured to RELAY connections from all internal mail hosts.
Segregating Incoming and Outgoing Mail
You can segregate incoming and outgoing email traffic over separate listeners and on separate IP
addresses. You can use Internet Protocol version 4 (IPv4) and version 6 (IPv6) addresses. However, the
System Setup Wizard on the appliance supports initial configuration of the following configurations:
addresses. You can use Internet Protocol version 4 (IPv4) and version 6 (IPv6) addresses. However, the
System Setup Wizard on the appliance supports initial configuration of the following configurations:
•
2 separate listeners on 2 logical IPv4 and 2 IPv6 addresses configured on separate physical
interfaces
interfaces
–
segregates incoming and outgoing traffic