
OWA not working on Cisco ASA 5505

OWA works internally, but I cannot use OWA or receive mail inbound.

I have attached the config for the ASA
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd xBw6sb8XZahJEW7r encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name cityofmaywood.org
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list 101 extended permit tcp host host eq tel
access-list 101 extended permit tcp host 12.198.201.93 eq telnet
access-list 101 extended permit tcp host host eq tel
access-list 101 extended permit tcp any host eq netbios-ssn
access-list 101 extended permit tcp any host eq 135
access-list 101 extended permit tcp any eq www host eq www
access-list 101 extended permit tcp any host eq https
access-list 101 extended permit udp any host eq netbios-ns
access-list 101 extended permit udp any host eq netbios-dgm
pager lines 24
logging enable
logging asdm emergencies
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (inside,outside) tcp www www netmask 255.255.25
static (inside,outside) tcp https https netmask 255.25
static (inside,outside) tcp smtp smtp netmask 255.255.
static (inside,outside) netmask
access-group 101 in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username mshapiro password YGMhyG0aiKoM9t0u encrypted privilege 15
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address inside
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global
prompt hostname context
: end

You need to open udp port 1755 as well.
Britt Thompson, Sr. Systems Engineer, Commented:
You need to add:
access-list 101 extended permit tcp any host eq smtp

Also, have you added a public url to your OWA setup in Exchange System Manager?
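
A cross-check for the gap this answer points out, where a static port forward (here smtp) has no matching permit in the ACL bound to the outside interface. This is an added example, not part of the original thread; the sample config and its addresses are constructed, and it assumes the thread's pre-8.3 syntax with the mapped address written literally in both the static and the ACL line.

```python
import re

# Constructed sample in the thread's pre-8.3 ASA syntax; the addresses are
# documentation-range placeholders, not values from the posted config.
SAMPLE_CONFIG = """\
access-list 101 extended permit tcp any host 203.0.113.10 eq www
access-list 101 extended permit tcp any host 203.0.113.10 eq https
static (inside,outside) tcp 203.0.113.10 www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 https 192.168.1.10 https netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.10 smtp netmask 255.255.255.255
access-group 101 in interface outside
"""

STATIC_RE = re.compile(
    r"^static \((\S+?),(\S+?)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)", re.M)
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit (tcp|udp|ip) any "
    r"(?:host (\S+)|(any))(?: eq (\S+))?\s*$", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)


def unpermitted_forwards(config):
    """Return (proto, mapped_ip, port) for each static PAT entry that the
    inbound ACL on its mapped interface does not permit from any source."""
    acl_for_iface = {iface: acl for acl, iface in GROUP_RE.findall(config)}
    permits = {}
    for acl, proto, host, _any, port in ACL_RE.findall(config):
        permits.setdefault(acl, []).append((proto, host or "any", port or None))

    missing = []
    for _, mapped_if, proto, m_ip, m_port, _, _ in STATIC_RE.findall(config):
        rules = permits.get(acl_for_iface.get(mapped_if), [])
        allowed = any(
            r_proto in (proto, "ip")
            and r_host in (m_ip, "any")
            and r_port in (m_port, None)
            for r_proto, r_host, r_port in rules)
        if not allowed:
            missing.append((proto, m_ip, m_port))
    return missing


if __name__ == "__main__":
    for proto, ip, port in unpermitted_forwards(SAMPLE_CONFIG):
        print(f"no permit for {proto}/{port} to {ip}; dropped by implicit deny")
```
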
drcrash1 (Author) Commented:
Ok, I get to the login prompt, but it keeps repeating even after I put in my credentials?
Britt Thompson, Sr. Systems Engineer, Commented:
Use the DOMAIN\username syntax if you're not.
drcrash1 (Author) Commented:
Already tried that.
Britt Thompson, Sr. Systems Engineer, Commented:
Is it coming up with the OWA authentication form web page or is it a pop-up asking for a username and password?
drcrash1 (Author) Commented:
It is a popup.
Britt Thompson, Sr. Systems Engineer, Commented:
Doesn't sound right... Are you sure you have your OWA public URL set up correctly? This could be a permissions issue on the virtual directory in IIS. The last 2 times I set up Exchange I had to reset the password for the server's IUSR account and re-enter it into the virtual directory anonymous access sections.
drcrash1 (Author) Commented:
I think it is set correctly.

What would cause the Windows username/password screen externally but give the OWA login internally?
