Solved

VPN Client connects but cant route between it and LAN

Posted on 2008-10-27
5
1,057 Views
Last Modified: 2012-05-05
We have an ASA5510 configured ok to acces the internet etc, users can access the portal ok and download the AnyConnect SSL client and get LAN access etc, but it only has the default 2 licenses.

They bought 250 IPSec licenses, so we set up IPSec VPN access, and have eventually got the client to connect to the VPN, but for the life of us we cant narrow down what is stopping access.

it looks like an ACL doing it, but we cant see which one could.

you can telnet the firewall and ping the LAN, and ping the VPN client, etc, but they cant access one another.

it continually logs

10.10.11.3      47070      UKDC01      53      Authorization denied (acl=DAP-ip-user-B0BF360E) for user 'administrator' from 10.10.11.3/47070 to UKDC01/53 on interface PublicINT using UDP

for all protocols from the VPN client.

Cheers
ASA Version 8.0(4) 

!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

!

interface Ethernet0/0

 nameif PublicINT

 security-level 0

 ip address PublicIP 255.255.255.240 

!

interface Ethernet0/1

 nameif DMZ

 security-level 0

 ip address 172.16.1.1 255.255.255.0 

!

interface Ethernet0/2

 nameif LAN

 security-level 100

 ip address 172.27.1.201 255.255.0.0 

!

interface Ethernet0/3

 nameif WLAN

 security-level 10

 ip address 10.0.0.1 255.255.255.0 

!

interface Management0/0

 nameif management

 security-level 100

 ip address 192.168.1.1 255.255.255.0 

!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

access-list PublicINT_access_in remark VPN

access-list PublicINT_access_in extended permit udp any any eq isakmp 

access-list PublicINT_access_in remark any NTL provided IP can ping another for testing

access-list PublicINT_access_in extended permit icmp xxx.xxx.xxx.xxx 255.255.255.240 any log disable 

access-list PublicINT_access_in remark Allow LAN pinging

access-list PublicINT_access_in extended permit icmp 172.27.0.0 255.255.0.0 any log disable 

access-list PublicINT_access_in remark Allow PPTP Tunnel back in to LAN after initialisation

access-list PublicINT_access_in extended permit gre any 172.27.0.0 255.255.0.0 log disable 

access-list PublicINT_access_in remark Allow PPTP creation outbound

access-list PublicINT_access_in extended permit tcp any any eq pptp log disable 

access-list PublicINT_access_in remark any ping will dooo

access-list PublicINT_access_in extended permit icmp any any log disable 

access-list PublicINT_access_in remark for email inbound

access-list PublicINT_access_in extended permit tcp object-group DM_INLINE_NETWORK_1 any eq smtp log disable 

access-list PublicINT_access_in remark for OWA inbound to .91, includes this firewall too but that has a separate ACL

access-list PublicINT_access_in extended permit tcp any any eq https log disable 

access-list PublicINT_access_in remark support can RDP like a goodun

access-list PublicINT_access_in extended permit tcp supportFurlong 255.255.255.0 any object-group RDP log disable 

access-list PublicINT_access_in extended permit tcp 172.27.0.0 255.255.0.0 10.10.11.0 255.255.255.0 

access-list LAN_to_VPN_outbound remark Allow LAN route back to VPN users

access-list LAN_to_VPN_outbound extended permit ip 172.27.0.0 255.255.0.0 10.10.11.0 255.255.255.0 log disable 

access-list DefaultRAGroup_splitTunnelAcl_1 standard permit 172.27.0.0 255.255.0.0 

access-list LAN_access_in remark Allow LAN access other interfaces

access-list LAN_access_in extended permit ip 172.27.0.0 255.255.0.0 any log disable 

access-list DMZ_access_in remark DMZ allowed out

access-list DMZ_access_in extended permit ip any any log disable 

access-list DMZ_access_in remark Blocked from LAN

access-list DMZ_access_in extended deny ip any 172.27.0.0 255.255.0.0 log disable 

access-list DefaultRAGroup_splitTunnelAcl standard permit 172.27.0.0 255.255.0.0 

access-list DefaultRAGroup_splitTunnelAcl remark Access to LAN

access-list VPN-Pool_tun remark Access to VPN Pool

access-list VPN-Pool_tun standard permit 10.10.11.0 255.255.255.0 

access-list VPN-Pool_tun remark Access to LAN

access-list VPN-Pool_tun standard permit 172.27.0.0 255.255.0.0 

access-list VPN_to_LAN_Inbound remark Access for VPN Users to LAN

access-list VPN_to_LAN_Inbound extended permit ip 10.10.11.0 255.255.255.0 172.27.0.0 255.255.0.0 log disable 

access-list management_nat_outbound remark for testing anywhere on management DHCP interface

access-list management_nat_outbound extended permit ip any any 

access-list LAN_nat_outbound remark allow LAN/NAT access

access-list LAN_nat_outbound extended permit ip any any 

access-list PublicINT_cryptomap extended permit ip 172.27.0.0 255.255.0.0 10.10.11.0 255.255.255.0 

access-list DefaultRAGroup_splitTunnelAcl_2 standard permit 172.27.0.0 255.255.0.0 

access-list CompanyVPN-Group_splitTunnelAcl standard permit 172.27.0.0 255.255.0.0 

access-list PublicINT_dyn_map extended permit ip any 10.10.11.0 255.255.255.0 

pager lines 24

logging enable

logging timestamp

logging list VPN-Log level debugging class vpn

logging buffer-size 50000

logging console informational

logging buffered informational

logging history informational

logging asdm informational

mtu PublicINT 1500

mtu DMZ 1500

mtu LAN 1500

mtu WLAN 1500

mtu management 1500

ip local pool AnyConnectPool 10.10.11.0-10.10.11.254 mask 255.255.255.0

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-613.bin

no asdm history enable

arp timeout 14400

nat-control

global (PublicINT) 1 interface

nat (LAN) 0 access-list LAN_to_VPN_outbound

nat (LAN) 1 access-list LAN_nat_outbound

nat (management) 1 access-list management_nat_outbound

static (LAN,PublicINT) xxx.xxx.xxx.xxx ExchangeUK netmask 255.255.255.255 

access-group PublicINT_access_in in interface PublicINT

access-group DMZ_access_in in interface DMZ

access-group LAN_access_in in interface LAN

route PublicINT 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

 network-acl PublicINT_dyn_map

 webvpn

  url-list value CompanyBookmarks

  file-browsing enable

  file-entry enable

  url-entry enable

  svc ask enable default webvpn

aaa-server AD_RADIUS protocol radius

 max-failed-attempts 5

aaa-server AD_RADIUS (LAN) host UKDC01

 key c1sc0

 radius-common-pw c1sc0

 acl-netmask-convert auto-detect

aaa-server AD_RADIUS (LAN) host UKDC03

 key c1sc0

 radius-common-pw c1sc0

aaa authentication serial console AD_RADIUS LOCAL

aaa authentication http console LOCAL 

aaa authentication ssh console LOCAL 

aaa authentication telnet console LOCAL 

aaa authentication enable console LOCAL 

http server enable

http supportFurlong 255.255.255.0 PublicINT

http xxx.xxx.xxx.xxx 255.255.255.240 PublicINT

http 172.27.0.0 255.255.0.0 LAN

http 192.168.1.0 255.255.255.0 management

http xxx.xxx.xxx.xxx 255.255.252.0 PublicINT

http redirect management 81

http redirect LAN 81

http redirect PublicINT 81

snmp-server host PublicINT xx.xxx.167.6 community snmp version 2c udp-port 161

snmp-server location Abingdon

no snmp-server contact

snmp-server community snmp

snmp-server enable traps snmp authentication linkup linkdown coldstart

auth-prompt accept *** Welcome to Company Abingdon *** 

auth-prompt reject *** Please contact Support at support@wibble.net in the event of logon problems *** 

crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac 

crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map PublicINT_dyn_map 20 match address PublicINT_dyn_map

crypto dynamic-map PublicINT_dyn_map 20 set pfs 

crypto dynamic-map PublicINT_dyn_map 20 set transform-set ESP-3DES-SHA

crypto dynamic-map PublicINT_dyn_map 20 set security-association lifetime seconds 28800

crypto dynamic-map PublicINT_dyn_map 20 set security-association lifetime kilobytes 4608000

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000

crypto map PublicINT_map 65534 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map PublicINT_map 65535 ipsec-isakmp dynamic PublicINT_dyn_map

crypto map PublicINT_map interface PublicINT

crypto ca trustpoint CompanyASA

 enrollment self

 subject-name CN=Head Office FW,O=Company,C=UK,L=Abingdon

 crl configure

crypto ca trustpoint LOCAL-CA-SERVER

 keypair LOCAL-CA-SERVER

 crl configure

crypto ca server 

crypto ca certificate chain CompanyASA

 certificate 31

    xxxxxxxxxxxxxxx

  quit

crypto ca certificate chain LOCAL-CA-SERVER

 certificate ca 01

    xxxxxxxxxxxxxxx

  quit

crypto isakmp identity address 

crypto isakmp enable PublicINT

crypto isakmp policy 10

 authentication pre-share

 encryption 3des

 hash sha

 group 1

 lifetime 86400

crypto isakmp policy 30

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

no vpn-addr-assign aaa

no vpn-addr-assign dhcp

vpn-sessiondb max-webvpn-session-limit 2

~~~~~~~~~~~~~~~~~~~~~~~~~~

webvpn

 enable PublicINT

 enable LAN

 enable management

 csd image disk0:/images/securedesktop-asa-3.3.0.129-k9.pkg

 svc image disk0:/images/anyconnect-win-2.2.0140-k9.pkg 1 regex "Windows NT"

 svc image disk0:/images/anyconnect-linux-2.2.0140-k9.pkg 3 regex "Linux"

 svc image disk0:/images/anyconnect-macosx-i386-2.2.0140-k9.pkg 4 regex "PPC Mac OS X"

 svc enable

 port-forward test smtp 172.27.1.80 smtp 

 tunnel-group-list enable

 group-policy DefaultRAGroup internal

group-policy DefaultRAGroup attributes

 dns-server value 172.27.1.11 172.27.1.33

 vpn-tunnel-protocol l2tp-ipsec 

 split-tunnel-policy tunnelspecified

 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl_2

 default-domain value Company.com

group-policy DfltGrpPolicy attributes

 dns-server value 172.27.1.11 172.27.1.33

 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

 ipsec-udp enable

 split-tunnel-policy tunnelspecified

 split-tunnel-network-list value VPN-Pool_tun

 default-domain value Company.com

 secure-unit-authentication enable

 address-pools value AnyConnectPool

 webvpn

  url-list value CompanyBookmarks

  svc ask enable default webvpn timeout 5

group-policy CompanyVPN-Group internal

group-policy CompanyVPN-Group attributes

 dns-server value 172.27.1.11 172.27.1.33

 vpn-tunnel-protocol IPSec 

 split-tunnel-policy tunnelspecified

 split-tunnel-network-list value PublicINT_cryptomap

 default-domain value Company.com

username supporttemp password xxxxxxxxxxxxxxxxx encrypted

username admin password xxxxxxxxxxxxxxxxxxx encrypted privilege 15

username admin attributes

 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

 password-storage disable

 webvpn

  customization value DfltCustomization

  svc keep-installer none

username administrator password xxxxxxxxxxxxxxxxxx encrypted privilege 15

username Company password xxxxxxxxxxxxxxxxxxx encrypted

tunnel-group DefaultRAGroup general-attributes

 address-pool AnyConnectPool

 authentication-server-group AD_RADIUS

 authentication-server-group (PublicINT) AD_RADIUS LOCAL

 authorization-server-group LOCAL

 authorization-server-group (PublicINT) AD_RADIUS

 default-group-policy DefaultRAGroup

 authorization-required

tunnel-group DefaultRAGroup webvpn-attributes

 group-alias VPNClientWin32 disable

tunnel-group DefaultRAGroup ipsec-attributes

 pre-shared-key *

 peer-id-validate nocheck

tunnel-group DefaultRAGroup ppp-attributes

 authentication ms-chap-v2

tunnel-group DefaultWEBVPNGroup general-attributes

 authentication-server-group AD_RADIUS LOCAL

 authentication-server-group (LAN) AD_RADIUS LOCAL

 authorization-server-group AD_RADIUS

 authorization-server-group (LAN) AD_RADIUS

 authorization-required

tunnel-group DefaultWEBVPNGroup webvpn-attributes

 group-alias DefaultWEBVPNGroup disable

tunnel-group CompanyWebSSL type remote-access

tunnel-group CompanyWebSSL general-attributes

 address-pool AnyConnectPool

 authentication-server-group AD_RADIUS LOCAL

tunnel-group CompanyWebSSL webvpn-attributes

 group-alias Company enable

 dns-group InternalDNS

tunnel-group CompanyVPN-Group type remote-access

tunnel-group CompanyVPN-Group general-attributes

 address-pool AnyConnectPool

 authentication-server-group AD_RADIUS LOCAL

 default-group-policy CompanyVPN-Group

 authorization-required

tunnel-group CompanyVPN-Group ipsec-attributes

 pre-shared-key *

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns migrated_dns_map_1

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns migrated_dns_map_1 

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect rsh 

  inspect rtsp 

  inspect sqlnet 

  inspect skinny  

  inspect sunrpc 

  inspect xdmcp 

  inspect sip  

  inspect netbios 

  inspect tftp 

  inspect pptp 

!

service-policy global_policy global

smtp-server xx.xxx.161.4

prompt hostname context

Open in new window

0
Comment
Question by:gurner78
  • 3
  • 2
5 Comments
 
LVL 2

Expert Comment

by:JimmyLarsson
ID: 22815202
Hello

Unless you have configured aaa authorization by porpose you should remove the "authorization-required" on each tunnel-group (including DefaulRAGroup).

Please not the difference between authentication and authorization. The most common use of AAA is for authentication (who is it?). Authorization (what is he allowed to do?) and accounting (what did he do?) are rarely used.

Br Jimmy
0
 

Author Comment

by:gurner78
ID: 22816247
Thanks, tried it but it still does the same thing, continuously logging that error with every ping/access attempt etc

i deleted every instance of it from each tunnel as requested, but wonder if it is still in effect somewhere?

Cheers
0
 
LVL 2

Expert Comment

by:JimmyLarsson
ID: 22816818
do some debugging. Like

logging on
logging monitor 4
term mon
deb aaa authen
deb aaa author

Br Jimmy
0
 

Author Comment

by:gurner78
ID: 22817162
logging on the terminal only showed when i logged off, but i relented on the ASDM and spun up the logging on that and caught this (from the bottom up) the logon, then the error about Authorization Denied (even with those lines taken out the tunnels)

as a quick thought, its uses a basic IAS/Radius pass through to a win2k server set with default policy settings, MS Chap v2, MS Chap, PAP, SPAP, all Encryption tick boxes picked, Grant Remote Access during 24hrs, etc.  that couldnt be having an effect? i wouldnt ave thought so, as it gets connected ok?

------------------------------------------
6|Oct 27 2008|21:17:05|109025|10.10.11.3|51381|UKDC03|53|Authorization denied (acl=DAP-ip-user-B0BF360E) for user 'administrator' from 10.10.11.3/51381 to UKDC03/53 on interface PublicINT using UDP
6|Oct 27 2008|21:17:05|109025|10.10.11.3|51381|UKDC01|53|Authorization denied (acl=DAP-ip-user-B0BF360E) for user 'administrator' from 10.10.11.3/51381 to UKDC01/53 on interface PublicINT using UDP
6|Oct 27 2008|21:17:03|109025|10.10.11.3|51381|UKDC03|53|Authorization denied (acl=DAP-ip-user-B0BF360E) for user 'administrator' from 10.10.11.3/51381 to UKDC03/53 on interface PublicINT using UDP
6|Oct 27 2008|21:17:02|109025|10.10.11.3|51381|UKDC01|53|Authorization denied (acl=DAP-ip-user-B0BF360E) for user 'administrator' from 10.10.11.3/51381 to UKDC01/53 on interface PublicINT using UDP

6|Oct 27 2008|21:16:58|305011|172.27.6.113|4687|PublicIP|34341|Built dynamic TCP translation from LAN:172.27.6.113/4687 to PublicINT(LAN_nat_outbound):PublicIP/34341
5|Oct 27 2008|21:16:53|713120|||||Group = CompanyVPN-Group, Username = administrator, IP = 62.xxx.xxx.xx, PHASE 2 COMPLETED (msgid=101949b5)
6|Oct 27 2008|21:16:53|602303|||||IPSEC: An inbound remote access SA (SPI= 0xD9EA32CA) between PublicIP and 62.xxx.xxx.xx (user= administrator) has been created.
5|Oct 27 2008|21:16:53|713049|||||Group = CompanyVPN-Group, Username = administrator, IP = 62.xxx.xxx.xx, Security negotiation complete for User (administrator)  Responder, Inbound SPI = 0xd9ea32ca, Outbound SPI = 0xe94c2c53
6|Oct 27 2008|21:16:53|602303|||||IPSEC: An outbound remote access SA (SPI= 0xE94C2C53) between PublicIP and 62.xxx.xxx.xx (user= administrator) has been created.
5|Oct 27 2008|21:16:53|713075|||||Group = CompanyVPN-Group, Username = administrator, IP = 62.xxx.xxx.xx, Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds
5|Oct 27 2008|21:16:53|713119|||||Group = CompanyVPN-Group, Username = administrator, IP = 62.xxx.xxx.xx, PHASE 1 COMPLETED
6|Oct 27 2008|21:16:53|713228|||||Group = CompanyVPN-Group, Username = administrator, IP = 62.xxx.xxx.xx, Assigned private IP address 10.10.11.3 to remote user
6|Oct 27 2008|21:16:53|737006|||||IPAA: Local pool request succeeded for tunnel-group 'CompanyVPN-Group'
6|Oct 27 2008|21:16:53|737026|||||IPAA: Client assigned 10.10.11.3 from local pool
6|Oct 27 2008|21:16:53|713184|||||Group = CompanyVPN-Group, Username = administrator, IP = 62.xxx.xxx.xx, Client Type: WinNT  Client Application Version: 5.0.04.0300
5|Oct 27 2008|21:16:53|713130|||||Group = CompanyVPN-Group, Username = administrator, IP = 62.xxx.xxx.xx, Received unsupported transaction mode attribute: 5
6|Oct 27 2008|21:16:53|734001|||||DAP: User administrator, Addr 62.xxx.xxx.xx, Connection IPSec: The following DAP records were selected for this connection: DfltAccessPolicy
6|Oct 27 2008|21:16:53|113008|||||AAA transaction status ACCEPT : user = administrator
6|Oct 27 2008|21:16:53|113009|||||AAA retrieved default group policy (CompanyVPN-Group) for user = administrator
6|Oct 27 2008|21:16:53|113004|||||AAA user authentication Successful : server =  UKDC01 : user = administrator
6|Oct 27 2008|21:16:53|713172|||||Group = CompanyVPN-Group, IP = 62.xxx.xxx.xx, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
0
 

Accepted Solution

by:
gurner78 earned 0 total points
ID: 22820346
I figured it out at last this morning, it is connected to the vpn and I have a continuous ping running and am able to RDP internal servers ok

I changed this set of lines, from

dynamic-access-policy-record DfltAccessPolicy
 network-acl PublicINT_dyn_map

to

dynamic-access-policy-record DfltAccessPolicy
 network-acl LAN_nat_outbound

The old ACL 'PublicINT_dyn_map' is defined as 'access-list PublicINT_dyn_map extended permit ip any 10.10.11.0 255.255.255.0'

The one now currently being used, 'LAN_nat_outbound' was created for the outbound 'dynamic' NAT rule, and is just 'access-list LAN_nat_outbound extended permit ip any any' and when applied it just started working!

I changed the Split Tunnel used from VPN-Pool_tun to CompanyVPN-Group_splitTunnelAcl, but I think this was a coincidence, as they are the same except no 'permit 10.10.11.0...'

access-list VPN-Pool_tun standard permit 10.10.11.0 255.255.255.0
access-list VPN-Pool_tun standard permit 172.27.0.0 255.255.0.0

access-list CompanyVPN-Group_splitTunnelAcl standard permit 172.27.0.0 255.255.0.0


However, i swear ive tried this before, so think some condition on the firewall is different this time around, and it has a better impact.  what it is i cant really be sure, but wondered if your Authorization-required' removal helped, but either way im not going to add it to test again, ha.

so ive made multiple copies of the config and locked it all down so no one can change it (with out the main account)

Cheers

Gurner
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now