[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 547
  • Last Modified:

OWA through ASA

Hi I have a ASA5510 and am having trouble getting inbound HTTPS (outlook web access) to work.  Basically I have setup a static NAT into the exchange server and allowed HTTPS to this.  I must be missing something.  If I ping the external ip/url the asa log shows it being blocked (good) but when a user trys to conenct to "https://mail.mydomain.com" it does not work and the log does not say much - some code attached

* EDIT by modus_in_rebus * edited out IP address
object-group service Webmail tcp
 description HTTP HTTPS
 port-object eq www
 port-object eq https
access-list Outside_access_in extended permit tcp any host xxx.xxx.xxx.201 object-group Webmail 
static (Data_internal,Outside) xxx.xxx.xxx.201 netmask 
access-group Outside_access_in in interface Outside
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect sip 
  inspect netbios 
  inspect tftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect mgcp

Open in new window

  • 2
  • 2
1 Solution
Ehab SalemCommented:
Did you allow outgoing traffic as well?
gerard_mcveighAuthor Commented:
Ah yes ASA blocks oubound by default also?  What would that line look like so I can check?
Ehab SalemCommented:
I am not familiar with ASA firewall, but it should be an access-group for interface inside.
gerard_mcveighAuthor Commented:
Not sure but I can access HTTPS websites from my PC which uses the ASA as its gateway
Raj-GTSystems EngineerCommented:
By default, ASA wont block access from a high security interface to a lower security one (internal to external here). The first thing you should check is the static mapping. Browse to http://www.whatsmyip.org/ from your Exchange server, if you see the static IP, xxx.xxx.xxx.201 then the IP mapping is correct.

The next thing to test is routing from the Exchange server, is the server using the ASA as it's default gateway? If it is, can it access the internet?

* EDIT by modus_in_rebus * edited out IP address

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now