  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1097
  • Last Modified:

OWA not working on Cisco ASA 5505

OWA works internally, but I cannot use OWA or receive mail inbound.

I have attached the config for the ASA
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.131 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 12.198.201.91 255.255.255.248
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xBw6sb8XZahJEW7r encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name cityofmaywood.org
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list 101 extended permit tcp host 65.204.151.61 host 12.198.201.93 eq telnet
access-list 101 extended permit tcp 63.103.176.208 255.255.255.240 host 12.198.201.93 eq telnet
access-list 101 extended permit tcp host 216.241.38.16 host 12.198.201.93 eq telnet
access-list 101 extended permit tcp any host 12.198.201.91 eq netbios-ssn
access-list 101 extended permit tcp any host 12.198.201.91 eq 135
access-list 101 extended permit tcp any eq www host 12.198.201.91 eq www
access-list 101 extended permit tcp any host 12.198.201.91 eq https
access-list 101 extended permit udp any host 12.198.201.91 eq netbios-ns
access-list 101 extended permit udp any host 12.198.201.91 eq netbios-dgm
pager lines 24
logging enable
logging asdm emergencies
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 12.198.201.91 www 192.168.1.3 www netmask 255.255.255.255
static (inside,outside) tcp 12.198.201.91 https 192.168.1.3 https netmask 255.255.255.255
static (inside,outside) tcp 12.198.201.91 smtp 192.168.1.3 smtp netmask 255.255.255.255
static (inside,outside) 12.198.201.93 192.168.1.252 netmask 255.255.255.255
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 12.198.201.89 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username mshapiro password YGMhyG0aiKoM9t0u encrypted privilege 15
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.132-192.168.1.254 inside
!
 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:6e707b5e36ecdf643a2b865f759355fd
: end


0
drcrash1
Asked:
3 Solutions
 
2PiFL Commented:
You need to open udp port 1755 as well.
0
 
Britt Thompson, Sr. Systems Engineer, Commented:
You need to add:
access-list 101 extended permit tcp any host 12.198.201.91 eq smtp

Also, have you added a public url to your OWA setup in Exchange System Manager?
0
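The check behind this answer can be automated. The following is an added example, not part of the original thread: it compares each static port mapping in the posted config against the permits in the ACL bound to the outside interface, and it also reports a permit that carries a source-port match (the `any eq www` entry in the posted list). The `audit` function and the simplified line grammar are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines of the posted config, with the
# terminal line-wrapping undone.
CONFIG = """\
access-list 101 extended permit tcp any host 12.198.201.91 eq netbios-ssn
access-list 101 extended permit tcp any host 12.198.201.91 eq 135
access-list 101 extended permit tcp any eq www host 12.198.201.91 eq www
access-list 101 extended permit tcp any host 12.198.201.91 eq https
static (inside,outside) tcp 12.198.201.91 www 192.168.1.3 www netmask 255.255.255.255
static (inside,outside) tcp 12.198.201.91 https 192.168.1.3 https netmask 255.255.255.255
static (inside,outside) tcp 12.198.201.91 smtp 192.168.1.3 smtp netmask 255.255.255.255
access-group 101 in interface outside
"""

STATIC_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
# Simplified grammar (assumption): source "any", destination "host <ip>", ports compared as written.
ACE_RE = re.compile(
    r"^access-list (\S+) extended permit (tcp|udp) any(?: eq (\S+))? host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")

def audit(config):
    """Return {(proto, public_ip, port): status} for each static PAT entry."""
    lines = config.splitlines()
    acl = next((m.group(1) for l in lines if (m := GROUP_RE.match(l))), None)
    permits = {}  # (proto, dst_ip, dst_port) -> source-port restriction or None
    for l in lines:
        m = ACE_RE.match(l)
        if m and m.group(1) == acl:
            key = (m.group(2), m.group(4), m.group(5))
            if key not in permits or m.group(3) is None:
                permits[key] = m.group(3)  # an unrestricted permit wins
    result = {}
    for l in lines:
        m = STATIC_RE.match(l)
        if not m:
            continue
        key = (m.group(1), m.group(2), m.group(3))
        if key not in permits:
            result[key] = "no permit in ACL"
        elif permits[key] is not None:
            result[key] = f"permit restricted to source port {permits[key]}"
        else:
            result[key] = "permitted"
    return result

if __name__ == "__main__":
    for (proto, ip, port), status in audit(CONFIG).items():
        print(f"{proto}/{port} -> {ip}: {status}")
```

Appending the `access-list 101 extended permit tcp any host 12.198.201.91 eq smtp` line from the answer above to the sample changes the smtp result to "permitted".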
 
drcrash1 (Author) Commented:
Ok, I get to the login prompt, but it keeps repeating even after I put in my credentials?
0

 
Britt Thompson, Sr. Systems Engineer, Commented:
Use the DOMAIN\username syntax if you're not.
0
 
drcrash1 (Author) Commented:
Already tried that.
0
 
Britt Thompson, Sr. Systems Engineer, Commented:
Is it coming up with the OWA authentication form web page or is a pop up asking for a username and password?
0
 
drcrash1 (Author) Commented:
It is a popup.
0
 
Britt Thompson, Sr. Systems Engineer, Commented:
Doesn't sound right... are you sure you have your OWA public URL set up correctly? This could be a permissions issue on the virtual directory in IIS. The last 2 times I set up Exchange I had to reset the password for the server's IUSR account and re-enter it into the virtual directory anonymous access sections.
0
 
drcrash1 (Author) Commented:
I think it is set correctly.

What would cause the Windows username/password screen externally but give the OWA login internally?
0
