pfdrinstr
ASA 5510 Email and Terminal issues
I am having two issues:
1. My email going out is working, along with internal, but inbound email is not working. My Barracuda email filter is 192.168.1.107 and my Exchange 2007 is 192.168.1.222. Along with this, OWA does not work.
2. Terminal Services does not work when I try from the home PC; I get "server not available" or disconnected.
Below is my config:
ASA Version 8.3(1)
!
hostname wsigateway
domain-name wsystems.com
enable password yVSkMxWRc/S396FB encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXX
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.0.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 172.23.59.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name wsystems.com
object network email_server_static
host 192.168.1.222
object network wsiftp_static
host 192.168.1.188
object network terminal1_static
host 192.168.1.191
object network ram_static
host 192.168.1.116
object network wsi_internal_lan
subnet 192.168.0.0 255.255.0.0
object network Baccuda
host 192.168.1.107
object-group service RDP tcp
port-object eq 3389
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq smtp
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq ftp
access-list 100 extended permit tcp any host 64..XXX.XXX.XXX eq 3389
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq 162
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq https
access-list 100 extended permit tcp any host 192.168.0.0 eq smtp
access-list 100 extended permit tcp any host 192.168.0.0 eq ftp
access-list 100 extended permit tcp any host 192.168.0.0 eq ftp-data
access-list 100 extended permit tcp any host 192.168.0.0 eq pop3
access-list acl_out extended permit tcp any host 192.168.1.222 eq https
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (management,outside) source dynamic any interface
!
object network email_server_static
nat (inside,outside) static 64.XXX.XXX.XXX
object network wsiftp_static
nat (inside,outside) static 64.XXX.XXX.XXX
object network terminal1_static
nat (inside,outside) static 64.XXX.XXX.XXX service tcp 3389 3389
object network ram_static
nat (inside,outside) static 64.XXX.XXX.XXX
object network wsi_internal_lan
nat (inside,outside) dynamic interface
object network Baccuda
nat (any,any) static 64.XXX.XXX.XXX
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 64.XXX.XXX.XXX1
route inside 192.168.0.0 255.255.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.23.59.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:61dd614b76a12c7d8f3ada886d7da8c6
: end
wsigateway#
As I said, getting the hang of it :-~
Try this:
object network terminal1_static
host 64.x.x.x
object network PublicServer_RDP
host 192.168.1.191
nat (inside,outside) static terminal1_static
object service rdp
service tcp destination eq 3389
access-list outside_access_in line 1 extended permit object rdp any host 192.168.1.191
ASKER
Everything works now except inbound email from Exchange. How do I set up the MX record IP address to access inside?
ASKER CERTIFIED SOLUTION
object network terminal1_static
host 64.x.x.x
object network PublicServer_RDP
host 192.168.1.191
nat (inside,outside) static terminal1_static
access-list outside_access_in line 1 extended permit tcp any host 192.168.1.191 eq 3389
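An added example, not part of the thread: a small Python audit for three patterns visible in the posted configuration, namely an outside ACL that permits the mapped public address where ASA 8.3 and later match on the real inside address (as the answers' use of 192.168.1.191 does), an ACL that no access-group applies, and a `host` entry that names a subnet address. The function name `audit` and the sample are constructed for illustration, with 203.0.113.10 standing in for the redacted public IP.

```python
import re

# Constructed sample in the page's ASA 8.3 syntax; 203.0.113.10 stands in
# for the redacted 64.XXX.XXX.XXX public address.
SAMPLE = """\
object network terminal1_static
host 192.168.1.191
object network wsi_internal_lan
subnet 192.168.0.0 255.255.0.0
object network terminal1_static
nat (inside,outside) static 203.0.113.10 service tcp 3389 3389
access-list 100 extended permit tcp any host 203.0.113.10 eq 3389
access-list 100 extended permit tcp any host 192.168.0.0 eq smtp
access-list acl_out extended permit tcp any host 192.168.1.222 eq https
access-group 100 in interface outside
"""

def audit(config):
    """Return sorted (acl, destination, issue) findings for an ASA 8.3+ config."""
    hosts, nats, subnets, bound, obj = {}, {}, set(), set(), None
    for ln in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"object network (\S+)", ln):
            obj = m.group(1)
        elif obj and (m := re.match(r"host (\S+)", ln)):
            hosts[obj] = m.group(1)
        elif obj and (m := re.match(r"subnet (\S+)", ln)):
            subnets.add(m.group(1))
        elif obj and (m := re.match(r"nat \(\S+\) static (\S+)", ln)):
            nats[obj] = m.group(1)      # mapped side: literal IP or object name
        elif m := re.match(r"access-group (\S+) in interface", ln):
            bound.add(m.group(1))
    # Mapped (public) address -> real (inside) address, resolving object names.
    mapped = {hosts.get(tok, tok): hosts.get(o, "?") for o, tok in nats.items()}
    findings = set()
    acl_re = r"^\s*access-list (\S+) extended permit .* host (\S+)"
    for acl, dst in re.findall(acl_re, config, re.M):
        if acl not in bound:
            findings.add((acl, dst, "ACL is not applied by any access-group"))
        if dst in mapped:
            findings.add((acl, dst, f"mapped address; 8.3+ matches real address {mapped[dst]}"))
        if dst in subnets:
            findings.add((acl, dst, "'host' matches one address, not the subnet"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
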