Advertisement

10.07.2008 at 08:28AM PDT, ID: 23794105
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
9.0

open port 443 for owa w/ asa5505

Asked by jrri in Cisco PIX Firewall

Trying to access OWA.  I thought i opened https to the proper address but it's not working, any help is apprecitated.


: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password I4c0AVstdlzGCow/ encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 172.1.1.5 SRVI-FTP description ftp server
name 10.1.1.6 SRVISRV2 description mail server
name 215.11.1.0 Securence_1 description spam service
name 210.11.209.64 Securence_2 description spam service
name 146.1.1.210 Bad_Toolbar_Guy
name 216.107.222.56 Harrison_SQL
name 10.1.1.0 Internal_All
name 209.1.1.100 SRVSRV2_OUT
name 209.1.1.105 SRVI-FTP_OUT
name 10.1.1.5 SRVISRV1
name 209.1.1.101 SRVISRV1_OUT
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.250 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 209.1.1.98 255.255.255.224
 ospf cost 10
!
interface Vlan3
 no forward interface Vlan1
 nameif DMZ
 security-level 50
 ip address 172.1.1.1 255.255.255.0
 ospf cost 10
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Ethernet0/2
 switchport access vlan 3
!
interface Ethernet0/3
 switchport access vlan 3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server SRVISRV1
 name-server 10.1.1.8
 name-server 207.1.1.1
 name-server 207.1.1.129
 domain-name default.domain.invalid
object-group network Securance
 description Spam Filter addresses from Securance
 network-object Securence_2 255.255.255.192
 network-object Securence_1 255.255.255.0
object-group service SMTPAUTH tcp
 description Allow SMTP Authorization to Exchange (SRVSRV2)
 port-object eq 587
object-group service BAD_PORTS tcp
 description Block online file sharing and streaming
 port-object eq 1025
 port-object eq 1027
 port-object eq 1034
 port-object eq 1334
 port-object range 1433 1434
 port-object eq 2234
 port-object range 2336 2337
 port-object eq 2350
 port-object eq 2745
 port-object eq 3043
 port-object range 3127 3128
 port-object eq 31337
 port-object eq 3140
 port-object eq 3306
 port-object range 4000 4010
 port-object eq 41436
 port-object eq 4500
 port-object eq 5554
 port-object eq 6129
 port-object range 6346 6350
 port-object eq 6699
 port-object eq 6777
 port-object eq 8866
 port-object eq 8967
 port-object eq 9996
 port-object eq ident
object-group service BAD_PORTS_UDP udp
 description Block file sharing and streaming
 port-object range 1433 1434
 port-object eq 2234
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ftp
 port-object eq ftp-data
access-list DMZ_access_in extended permit tcp any host SRVI-FTP_OUT object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp Securence_1 255.255.255.0 host SRVISRV2 eq smtp inactive
access-list outside_access_in remark Block internet file sharing and streaming
access-list outside_access_in extended deny tcp any any object-group BAD_PORTS
access-list outside_access_in remark Block internet file sharing and streaming
access-list outside_access_in extended deny udp any any object-group BAD_PORTS_UDP
access-list outside_access_in remark Allow Securance Spam filter mail traffic to Exchange server (SRVISRV2)
access-list outside_access_in extended permit tcp object-group Securance host SRVSRV2_OUT eq smtp
access-list outside_access_in remark Allow SMTP authorization
access-list outside_access_in extended permit tcp any host SRVSRV2_OUT eq 587
access-list outside_access_in remark Secure Web interface for OWA (Exchange)
access-list outside_access_in extended permit tcp any host SRVSRV2_OUT eq https
access-list outside_access_in extended permit tcp any host SRVSRV2_OUT eq imap4
access-list outside_access_in extended permit tcp any host SRVI-FTP_OUT object-group DM_INLINE_TCP_1
access-list inside_access_in remark Harrison Price updates
access-list inside_access_in extended permit ip any host Harrison_SQL inactive
access-list inside_access_in remark Block internet file sharing and streaming
access-list inside_access_in extended deny tcp any any object-group BAD_PORTS inactive
access-list inside_access_in remark Block internet file sharing and streaming
access-list inside_access_in extended deny udp any any object-group BAD_PORTS_UDP inactive
access-list inside_access_in extended deny ip any host Bad_Toolbar_Guy
access-list inside_access_in extended permit ip host SRVISRV2 any
access-list inside_access_in extended permit ip Internal_All 255.255.255.0 any
access-list SRVIvpn_splitTunnelAcl standard permit Internal_All 255.255.255.0
access-list inside_nat0_outbound extended permit ip Internal_All 255.255.255.0 10.1.1.128 255.255.255.128
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu DMZ 1500
ip local pool VPNpool 10.1.1.185-10.1.1.199 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 209.1.1.120-209.1.1.126 netmask 255.255.255.224
global (outside) 1 interface
global (DMZ) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (DMZ,outside) SRVI-FTP_OUT SRVI-FTP netmask 255.255.255.255
static (inside,outside) SRVSRV2_OUT SRVISRV2 netmask 255.255.255.255
static (inside,outside) SRVISRV1_OUT SRVISRV1 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 209.1.1.97 10
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
http server enable
http Internal_All 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 64.103.36.133 255.255.255.255 outside
ssh timeout 5
console timeout 0

group-policy SRVIvpn internal
group-policy SRVIvpn attributes
 wins-server value 10.1.1.5 10.1.1.8
 dns-server value 10.1.1.5 10.1.1.8
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SRVIvpn_splitTunnelAcl
 default-domain value SRVINET.COM
username x password V6TEyok1IWRLNv.2 encrypted privilege 15
username x password dw0qiTJW/eKeyF6Z encrypted privilege 0
username x attributes
 vpn-group-policy SRVIvpn
tunnel-group SRVIvpn type ipsec-ra
tunnel-group SRVIvpn general-attributes
 address-pool VPNpool
 default-group-policy SRVIvpn
tunnel-group SRVIvpn ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:759b12e58639f452c3d58386f12ae69c
: end
asdm image disk0:/asdm-524.bin
asdm location SRVISRV2 255.255.255.255 inside
asdm location SRVI-FTP 255.255.255.255 inside
asdm location Securence_2 255.255.255.192 inside
asdm location Securence_1 255.255.255.0 inside
asdm location Internal_All 255.255.255.0 inside
asdm location Bad_Toolbar_Guy 255.255.255.255 inside
asdm location Harrison_SQL 255.255.255.255 inside
asdm location SRVISRV1 255.255.255.255 inside
asdm location SRVISRV1_OUT 255.255.255.255 inside
no asdm history enable


Start Free Trial
[+][-]10.07.2008 at 08:29AM PDT, ID: 22660309

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10.07.2008 at 08:29AM PDT, ID: 22660317

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10.07.2008 at 08:32AM PDT, ID: 22660349

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10.07.2008 at 08:43AM PDT, ID: 22660503

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10.07.2008 at 09:00AM PDT, ID: 22660700

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10.07.2008 at 09:15AM PDT, ID: 22660858

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zone: Cisco PIX Firewall
Sign Up Now!
Solution Provided By: dj_ludachris
Participating Experts: 3
Solution Grade: A
 
 
[+][-]10.07.2008 at 09:39AM PDT, ID: 22661117

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10.07.2008 at 09:57AM PDT, ID: 22661297

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]10.07.2008 at 10:50AM PDT, ID: 22661748

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]10.07.2008 at 12:16PM PDT, ID: 22662639

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628