Cisco Cisco Email Security Appliance C190 Guia Do Utilizador
3-6
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 3 Setup and Installation
Physically Connecting the Cisco IronPort Appliance
to the Network
Configuration Scenarios
The typical configuration scenario for the Cisco IronPort appliance is as follows:
•
Interfaces - Only one of the three available Ethernet interfaces on the Cisco IronPort appliance is
required for most network environments. However, you can configure two Ethernet interfaces and
segregate your internal network from your external Internet network connection.
required for most network environments. However, you can configure two Ethernet interfaces and
segregate your internal network from your external Internet network connection.
•
Public Listener (incoming email) - The public listener receives connections from many external
hosts and directs messages to a limited number of internal groupware servers.
hosts and directs messages to a limited number of internal groupware servers.
–
Accepts connections from external mail hosts based on settings in the HAT. By default, the HAT
is configured to ACCEPT connections from all external mail hosts.
is configured to ACCEPT connections from all external mail hosts.
–
Accepts incoming mail only if it is addressed for the local domains specified in the RAT. All
other domains are rejected.
other domains are rejected.
–
Relays mail to the appropriate internal groupware server, as defined by SMTP Routes.
•
Private Listener (outgoing email) - The private listener receives connections from a limited
number of internal groupware servers and directs messages to many external mail hosts.
number of internal groupware servers and directs messages to many external mail hosts.
–
Internal groupware servers are configured to route outgoing mail to the Cisco IronPort C- or
X-Series appliance.
X-Series appliance.
–
The Cisco IronPort appliance accepts connections from internal groupware servers based on
settings in the HAT. By default, the HAT is configured to RELAY connections from all internal
mail hosts.
settings in the HAT. By default, the HAT is configured to RELAY connections from all internal
mail hosts.
Segregating Incoming and Outgoing Mail
You can segregate incoming and outgoing email traffic over separate listeners and on separate IP
addresses. You can use Internet Protocol version 4 (IPv4) and version 6 (IPv6) addresses. However, the
System Setup Wizard on the appliance supports initial configuration of the following configurations:
addresses. You can use Internet Protocol version 4 (IPv4) and version 6 (IPv6) addresses. However, the
System Setup Wizard on the appliance supports initial configuration of the following configurations:
•
2 separate listeners on 2 logical IPv4 and 2 IPv6 addresses configured on separate physical
interfaces
interfaces
–
segregates incoming and outgoing traffic
–
you can assign an IPv4 and an IPv6 address to each listener
•
1 listener on 1 logical IPv4 address configured on one physical interface
–
combines both incoming and outgoing traffic
–
you can assign both an IPv4 and an IPv6 address to the listener
Configuration worksheets for both one and two listener configurations are included below (see
). Most configuration scenarios are represented by one of the
following three figures.