OWA not working on Cisco ASA 5505

Posted on 2009-04-28
Last Modified: 2013-11-16
Owa works internally, but I can not use owa or recieve mail inbound

I have attached the config for the ASA


interface Vlan1

 nameif inside

 security-level 100

 ip address


interface Vlan2

 nameif outside

 security-level 0

 ip address


interface Vlan3

 no forward interface Vlan1

 nameif dmz

 security-level 50

 no ip address


interface Ethernet0/0

 switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


passwd xBw6sb8XZahJEW7r encrypted

ftp mode passive

dns server-group DefaultDNS


same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list 101 extended permit tcp host host eq tel


access-list 101 extended permit tcp host 12.198.2

01.93 eq telnet

access-list 101 extended permit tcp host host eq tel


access-list 101 extended permit tcp any host eq netbios-ssn

access-list 101 extended permit tcp any host eq 135

access-list 101 extended permit tcp any eq www host eq www

access-list 101 extended permit tcp any host eq https

access-list 101 extended permit udp any host eq netbios-ns

access-list 101 extended permit udp any host eq netbios-dgm

pager lines 24

logging enable

logging asdm emergencies

mtu inside 1500

mtu outside 1500

mtu dmz 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1

static (inside,outside) tcp www www netmask 255.255.25


static (inside,outside) tcp https https netmask 255.25


static (inside,outside) tcp smtp smtp netmask 255.255.


static (inside,outside) netmask

access-group 101 in interface outside

route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

username mshapiro password YGMhyG0aiKoM9t0u encrypted privilege 15

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet inside

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside


dhcpd address inside



class-map inspection_default

 match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp


service-policy global_policy global

prompt hostname context


: end

Open in new window

Question by:drcrash1
    LVL 17

    Expert Comment

    You need to open udp port 1755 as well.
    LVL 30

    Accepted Solution

    You need to add:
    access-list 101 extended permit tcp any host eq smtp

    Also, have you added a public url to your OWA setup in Exchange System Manager?

    Author Comment

    Ok, I get to the login prompt, but it keeps repeating even after I put in my credentials?
    LVL 30

    Expert Comment

    Use the DOMAIN\username syntax if you're not.

    Author Comment

    Already tried that,
    LVL 30

    Assisted Solution

    Is it coming up with the OWA authentication form web page or is a pop up asking for a username and password?

    Author Comment

    it is a popup
    LVL 30

    Assisted Solution

    Doesn't sound right...are you sure you have your OWA public URL setup correctly? This could be a permissions issue on the virtual directory in IIS. The last 2 times I setup Exchange I had to reset the password for the server's IUSR account and re-enter into the virtual directory anonymous access sections.

    Author Comment

    I think it is set correctly

    What would cause the windows username/password screen externally but give the owa login internally

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Set OWA language and time zone in Exchange for individuals, all users or per database.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
    The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now