Configure Exchange 2003 Behind Cisco ASA

Hi,

I want to set up an Exchange server behind a Cisco ASA. I have a static IP from the ISP with subnet mask and gateway details. My setup is as mentioned below.

Static IP from ISP - 80.227.*.*

Subnet Mask - 255.255.255.252

Gateway - 80.227.**

My internal IP is 192.168.1.0/24 and my mail server IP is 192.168.1.7

I know that in the ASA, for the outside interface, I should give the static IP I have with the subnet mask from the ISP, and by setting up the default gateway in routing I should be able to browse the network from my LAN. (Correct me if I am wrong.)

I have an MX record for my domain with the static IP I have.

What I want to know is how I should configure mail coming to the static IP to go to the Exchange server with LAN IP 192.168.1.7

For example, I want all traffic coming from outside on ports HTTP, HTTPS, POP3, SMTP and IMAP to go to the mail server.

Thanks

Qman
Asked by: qman2007
JFrederick29 commented:
Yes, configure the static IP and mask from your ISP on the outside interface on the ASA.  Add a default route using the gateway IP provided by your ISP.

The following will give your internal LAN outbound web access:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

In addition, you also need to allow the ports through the ASA as well as set up the static NAT translations.

access-list outside_access_in extended permit tcp any interface outside eq 80
access-list outside_access_in extended permit tcp any interface outside eq 443
access-list outside_access_in extended permit tcp any interface outside eq 25
access-list outside_access_in extended permit tcp any interface outside eq 110
access-list outside_access_in extended permit tcp any interface outside eq 143

static (inside,outside) tcp interface 80 192.168.1.7 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 192.168.1.7 443 netmask 255.255.255.255
static (inside,outside) tcp interface 25 192.168.1.7 25 netmask 255.255.255.255
static (inside,outside) tcp interface 110 192.168.1.7 110 netmask 255.255.255.255
static (inside,outside) tcp interface 143 192.168.1.7 143 netmask 255.255.255.255
 
tntmax commented:
You'll need to add static NAT translations to the firewall. You'll also need to add an ACL to permit the translation.

I'm looking up the actual syntax, give me one second.
 
tntmax commented:
So here's your NAT translation:

static (inside,outside) tcp interface smtp 192.168.1.7 smtp netmask 255.255.255.255


Then you'll need an ACL:

access-list inbound extended permit tcp any host 80.227.*.* eq smtp

You'll need that for each port that you want forwarded to your server. Replace the * with the actual IP address numbers. This would be just for port 25.
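The following added Python example, not written by anyone in this thread, cross-checks the two halves both answers describe: every static port translation needs a matching permit in an ACL that is actually applied to the outside interface. The sample config is constructed from the thread's addresses, and the `access-group` binding line is an assumption (the standard ASA command for applying an ACL; the thread does not show it).

```python
import re

# ASA keyword names for the ports discussed in this thread
PORT_NAMES = {"www": 80, "https": 443, "smtp": 25, "pop3": 110, "imap4": 143}
STATIC_RE = re.compile(r"static \(inside,outside\) tcp interface (\S+) (\S+) (\S+) netmask")
ACL_RE = re.compile(r"access-list (\S+) extended permit tcp any (?:interface outside|host \S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")

def port(tok):
    """Accept a numeric port or the keyword the ASA shows in its config."""
    return int(tok) if tok.isdigit() else PORT_NAMES[tok]

def audit(config):
    """Return findings for a pre-8.3 style ASA config fragment."""
    forwards, permits, bound = {}, {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            forwards[port(m[1])] = (m[2], port(m[3]))
        elif m := ACL_RE.match(line):
            permits.setdefault(m[1], set()).add(port(m[2]))
        elif m := GROUP_RE.match(line):
            bound.add(m[1])
    findings = [f"ACL {n} is not applied to outside (no access-group)"
                for n in sorted(set(permits) - bound)]
    # Only permits in an ACL bound to the outside interface take effect
    allowed = set().union(*(permits.get(n, set()) for n in bound))
    findings += [f"tcp/{p} is translated but not permitted inbound"
                 for p in sorted(set(forwards) - allowed)]
    findings += [f"tcp/{p} is permitted inbound but has no static translation"
                 for p in sorted(allowed - set(forwards))]
    return findings

# Constructed sample: two forwards from the thread, one extra permit, ACL not applied
SAMPLE = """
access-list outside_access_in extended permit tcp any interface outside eq 25
access-list outside_access_in extended permit tcp any interface outside eq 443
access-list outside_access_in extended permit tcp any interface outside eq 110
static (inside,outside) tcp interface 25 192.168.1.7 25 netmask 255.255.255.255
static (inside,outside) tcp interface 443 192.168.1.7 443 netmask 255.255.255.255
"""
# Assumed binding line (not shown in the thread)
BOUND = SAMPLE + "access-group outside_access_in in interface outside\n"

if __name__ == "__main__":
    for cfg in (SAMPLE, BOUND):
        print(audit(cfg))
```

A permit with no matching translation, such as tcp/110 in the bound sample, is a stale rule worth removing so the ACL lists only the services that are meant to be reachable.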
 
tntmax commented:
Haha, beat by the faster typist.
 
JFrederick29 commented:
<8-}
 
qman2007 (author) commented:
Guys,

Thanks for all your comments. Let me check the same and I will come back to you. If anyone can tell me how to do the same using the GUI (connected to the ASA using ASDM), it will be more helpful. Sorry, I am not that great with commands.

Appreciate all your help.

Thanks

Qman
 
JFrederick29 commented:
Should be able to simply copy and paste the commands into the CLI without modification.
 
pniaz commented:
Should he be purchasing Cisco gear? Sorry, I'm just being an ass.