ESA Initial Setup
Introduction:
In this lesson, we will initialize the Email Security Appliance (ESA) from the Command Line Interface (CLI) and configure its network settings. Proper configuration is essential for ensuring secure email communication and effective mail flow in a network environment.
Topology & Device Table
+-------------------+
|     Admin PC      |
|  192.168.101.10   |
+-------------------+
          |
          |
          |
+-------------------+
|        ESA        |
|  192.168.101.25   |
+-------------------+

| Device | Interface | IP Address | Subnet Mask | Role |
|---|---|---|---|---|
| ESA | MgmtData | 192.168.101.25 | 255.255.255.0 | Email Security |
| Admin | N/A | 192.168.101.10 | 255.255.255.0 | Management PC |
Step-by-step configuration
Step 1: Log into ESA
What we are doing: We will log into the ESA using the default credentials.
login: admin
Password: ironport
What just happened: We have accessed the ESA CLI with administrative privileges, allowing us to configure the device.
Verify:
show version
Expected output snippet:
Cisco ESA Version x.x.x
Step 2: Configure Management Interface
What we are doing: We will configure the management interface with the specified parameters.
interfaceconfig
- Select edit for the Management interface.
- Change the name to MgmtData.
- Set the IPv4 address to 192.168.101.25.
- Set the subnet mask to 255.255.255.0.
- Set the hostname to mgmt.NHPrep.live.
- Enable SSH, FTP, HTTP, and HTTPS.
What just happened: The management interface is now configured with the new IP address, hostname, and protocols for secure access.
Verify:
show interfaces
Expected output snippet:
MgmtData: 192.168.101.25/24
Step 3: Enable Services on Management Interface
What we are doing: We will enable various services on the management interface.
Do you want to enable SSH on this interface? [Y]> y
Do you want to enable FTP on this interface? [Y]> y
Do you want to enable HTTP on this interface? [Y]> y
Do you want to enable HTTPS on this interface? [Y]> y
What just happened: SSH, FTP, HTTP, and HTTPS services are enabled on the interface for remote management and file transfer. Only SSH and HTTPS encrypt the session; FTP and HTTP send credentials and data in cleartext.
Verify:
show service status
Expected output snippet:
SSH: Enabled
FTP: Enabled
HTTP: Enabled
HTTPS: Enabled
Step 4: Configure Mail Flow Policy
What we are doing: We will create a mail flow policy to relay messages.
Mail Policies -> Host Access Table (HAT) -> Mail Flow Policies -> Add Policy
- Set the Policy Name to RELAYED.
- Set the Connection Behavior to Relay.
- Submit the changes.
What just happened: A new mail flow policy has been created to allow the ESA to relay emails.
Verify:
show mail policies
Expected output snippet:
Policy Name: RELAYED
Connection Behavior: Relay
Step 5: Configure Sender Group
What we are doing: We will configure a sender group to use the mail flow policy created earlier.
Mail Policies -> Host Access Table (HAT) -> HAT Overview -> Add Sender Group
- Set the Policy Name to RELAY_LIST.
- Set the Order to 1.
- Set the Policy to RELAYED.
- Set the Sender IP to 192.168.100.99.
- Submit and commit changes.
What just happened: A sender group has been established to utilize the relay policy for the specified mail server.
Verify:
show sender groups
Expected output snippet:
Sender Group: RELAY_LIST
Policy: RELAYED
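The following added example (not part of the original lesson and not Cisco code) models the HAT built in Steps 4 and 5 to check which connecting hosts would be relayed and to flag relay entries broader than a single host. It assumes sender groups are matched in order with the first match winning; the catch-all ALL group, the ACCEPTED policy, and the function names are hypothetical.

```python
import ipaddress

# Constructed model of the HAT from Steps 4 and 5 (not exported ESA config).
# The ALL -> ACCEPTED catch-all is an assumption about the rest of the table.
MAIL_FLOW_POLICIES = {"RELAYED": "Relay", "ACCEPTED": "Accept"}
SENDER_GROUPS = [
    # (order, sender group, mail flow policy, sender entries)
    (1, "RELAY_LIST", "RELAYED", ["192.168.100.99"]),
    (2, "ALL", "ACCEPTED", ["0.0.0.0/0"]),
]


def match_sender(ip, groups=SENDER_GROUPS, policies=MAIL_FLOW_POLICIES):
    """Return (group, behavior) of the first sender group, by order, containing ip."""
    addr = ipaddress.ip_address(ip)
    for _, name, policy, entries in sorted(groups, key=lambda g: g[0]):
        if any(addr in ipaddress.ip_network(e, strict=False) for e in entries):
            return name, policies[policy]
    return None, "Reject"  # hypothetical fallback when no group matches


def broad_relay_entries(groups=SENDER_GROUPS, policies=MAIL_FLOW_POLICIES,
                        max_hosts=1):
    """List (group, entry) pairs that grant Relay to more than max_hosts addresses."""
    findings = []
    for _, name, policy, entries in groups:
        if policies[policy] != "Relay":
            continue
        for entry in entries:
            net = ipaddress.ip_network(entry, strict=False)
            if net.num_addresses > max_hosts:
                findings.append((name, entry))
    return findings


if __name__ == "__main__":
    # Mail server from Step 5, the Admin PC, and a constructed outside address.
    for ip in ("192.168.100.99", "192.168.101.10", "203.0.113.7"):
        print(ip, match_sender(ip))
    print("Relay entries broader than one host:", broad_relay_entries())
```

With the lab values, only 192.168.100.99 resolves to Relay; widening the RELAY_LIST entry to a subnet makes every host in that range a permitted relay source, which the second function reports.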
Verification Checklist
- Check 1: Management interface configured with IP 192.168.101.25.
- Check 2: Mail flow policy RELAYED created and active.
Common Mistakes
| Symptom | Cause | Fix |
|---|---|---|
| Unable to access ESA via SSH | SSH not enabled | Ensure SSH is enabled on the interface. |
| Emails not relaying | Mail flow policy not configured | Verify mail flow policy settings. |
| Incorrect IP configuration | Typographical error | Double-check IP and subnet mask entries. |