

Configure Exchange 2003 Behind Cisco ASA

Posted on 2009-02-11
Medium Priority
Last Modified: 2012-07-03

I want to set up an Exchange server behind a Cisco ASA. I have a static IP from the ISP with subnet mask and gateway details. My setup is as mentioned below.

Static IP from ISP - 80.227.*.*

Subnet Mask -

Gateway - 80.227.**

My internal IP is and my mail server ip is

I know that in the ASA, for the outside interface, I should give the static IP I have with the subnet mask from the ISP, and by setting up the default gateway on routing I should be able to browse the network from my LAN. (Correct me if I am wrong.)

I have an MX record for my domain with the static IP I am having.

What I want to know is how I should configure mails coming to the static IP to go to the Exchange server with the LAN IP.

E.g., I want all traffic coming from outside on ports HTTP, HTTPS, POP3, SMTP and IMAP to go to the mail server.


Question by:qman2007
LVL 15

Assisted Solution

tntmax earned 800 total points
ID: 23611396
You'll need to add static NAT translations to the firewall. You'll also need to add an ACL to permit the translation.

I'm looking up the actual syntax, give me one second.
LVL 43

Accepted Solution

JFrederick29 earned 1200 total points
ID: 23611408
Yes, configure the static IP and mask from your ISP on the outside interface on the ASA.  Add a default route using the gateway IP provided by your ISP.

The following will give your internal LAN outbound web access:

global (outside) 1 interface
nat (inside) 1

In addition, you also need to allow the ports through the ASA as well as set up the static NAT translations.

access-list outside_access_in extended permit tcp any interface outside eq 80
access-list outside_access_in extended permit tcp any interface outside eq 443
access-list outside_access_in extended permit tcp any interface outside eq 25
access-list outside_access_in extended permit tcp any interface outside eq 110
access-list outside_access_in extended permit tcp any interface outside eq 143

static (inside,outside) tcp interface 80 80 netmask
static (inside,outside) tcp interface 443 443 netmask
static (inside,outside) tcp interface 25 25 netmask
static (inside,outside) tcp interface 110 110 netmask
static (inside,outside) tcp interface 143 143 netmask
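
A check for the configuration above, as an added example that is not part of the original answer: a Python script that reads pre-8.3 ASA configuration text and reports forwarded ports with no effective ACL permit, and ACL permits with no matching translation. The sample config, the placeholder address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample in the pre-8.3 ASA syntax used in this thread.
# 192.0.2.10 is a placeholder mail-server address (documentation range).
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any interface outside eq 80
access-list outside_access_in extended permit tcp any interface outside eq 443
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside eq imap4
static (inside,outside) tcp interface 80 192.0.2.10 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 192.0.2.10 443 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.0.2.10 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 110 192.0.2.10 110 netmask 255.255.255.255
"""

# The ASA shows well-known ports by name; map the ones this thread uses.
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "smtp": 25,
              "pop3": 110, "imap4": 143}

ACL_RE = re.compile(
    r"^access-list (\S+) extended permit tcp any interface outside eq (\S+)", re.M)
STATIC_RE = re.compile(
    r"^static \(inside,outside\) tcp interface (\S+) \S+ \S+ netmask", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside", re.M)


def port(token):
    """Return the numeric port for a name or a number as printed by the ASA."""
    return PORT_NAMES.get(token) or int(token)


def audit(config):
    """Compare inbound ACL permits with static port translations."""
    permits = {}  # ACL name -> set of permitted destination ports
    for acl, token in ACL_RE.findall(config):
        permits.setdefault(acl, set()).add(port(token))
    forwarded = {port(t) for t in STATIC_RE.findall(config)}
    # An ACL has no effect until access-group binds it to an interface.
    bound = GROUP_RE.findall(config)
    effective = set().union(*(permits.get(a, set()) for a in bound))
    declared = set().union(*permits.values())
    return {
        "bound_acls": bound,
        "forwarded_but_not_permitted": sorted(forwarded - effective),
        "permitted_but_not_forwarded": sorted(declared - forwarded),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print(audit(SAMPLE_CONFIG + "access-group outside_access_in in interface outside\n"))
```

Without the access-group line every forwarded port is reported, because the permits are not applied to the outside interface; with it, only the POP3 translation lacks a permit and the IMAP permit has no translation behind it.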
LVL 15

Expert Comment

ID: 23611449
So here's your NAT translation:

static (inside,outside) tcp interface smtp netmask

Then you'll need an ACL:

access-list inbound extended permit tcp any host 80.227.*.* eq smtp

You'll need that for each port that you want forwarded to your server. Replace the * with the actual IP address numbers. This would be just for port 25.

LVL 15

Expert Comment

ID: 23611457
haha, beat by the faster typist.
LVL 43

Expert Comment

ID: 23611466

Author Comment

ID: 23619369

Thanks for all your comments. Let me check the same and will come back to you. If anyone can tell me how to do the same using the GUI (connected to the ASA using ASDM) it will be more helpful. Sorry, I am not that great in Command.

Appreciate all your help


LVL 43

Expert Comment

ID: 23621249
Should be able to simply copy and paste the commands into the CLI without modification.

Expert Comment

ID: 24500001
Should he be purchasing Cisco gear? Sorry, I'm just being an ass.
