Cisco Router Port Forwarding Challenge

Posted on 2011-05-09
Last Modified: 2012-05-11
Hi Experts,

I am having a challenge accessing the Exchange server located on the DMZ of the Cisco ASA5505.
The major challenge is that while I am able to access the Exchange server from within the inside network i.e network, I am unable to do the same from the internet.
I believe I have put in the appropriate configurations in both the router and the firewall.
One interesting thing is that it appears that the ports 443, 143, and 25 are not open on the 41.58.X.104 IP address. The only port that seems to be open is the telnet port and I wonder why.
Also I noticed that when I issue a telnet command to the Exchange server from the router, it fails to connect. What exactly am I doing wrong?
Kindly help intervene.
I have attached the relevant configs.
Also note that NATting is done on the router and not the ASA.
The ASA has "no nat-control" configured on it.


 Exchange-Server-Scenario.vsd ASA.txt Router.txt
Question by:salvatorepp

    Accepted Solution

    I'm not an Exchange expert, but I did find the following on  

    "The ports that IMAP4 clients use when accessing messages on an Exchange Server computer depend on the authentication method in use. With Basic or NTLM authentication and TCP, the IMAP4 server listens on TCP port 143 for any incoming connection requests from IMAP4 clients for message download and retrieval. If SSL authentication is used, however, the port on which the Exchange Server computer listens is TCP port 993. Router and firewall setups should therefore take into consideration the access to TCP port 143 or TCP port 993 when this protocol is a supported feature for messaging."  

    Might be worth testing out.

    One other comment, but which does not explain your trouble, is your outside_in ACL does no good applied inbound on the DMZ interface.  It's specifically for traffic destined for host, an address that's on the segment hanging off that interface.  So nothing coming from that segment should ever be destined for the host.
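An added example, not part of the original thread: a small Python check for the ports discussed above (25, 143, 443, plus 993 from the quoted text), meant to be run from an outside host against your own public address and then again from the router side. It separates a refused connection from one that gets no reply, which is what tells a missing port forward or dropping ACL apart from a service that is not listening; the function names and the wording of the hints are this example's own, and the target address is supplied on the command line.

```python
import socket
import sys

# Ports named in the thread, plus 993 from the quoted IMAP4 text.
EXCHANGE_PORTS = {25: "SMTP", 143: "IMAP4", 443: "HTTPS", 993: "IMAP4 over SSL"}

# General interpretation of each result for a NAT/firewall path (example wording).
HINTS = {
    "open": "the forward and the ACLs pass this port and a service answers",
    "refused": "a reset came back: the path works but nothing listens on this port",
    "filtered": "no reply: missing static NAT/port forward or an ACL dropping it",
    "error": "local problem such as name resolution or no route to the host",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # RST received from the target or a device in front of it
    except socket.timeout:
        return "filtered"     # SYN went unanswered until the timeout expired
    except OSError:
        return "error"


def report(host, ports=EXCHANGE_PORTS, timeout=3.0):
    """Return {port: (service, state)} for every port of interest."""
    return {p: (name, probe(host, p, timeout)) for p, name in ports.items()}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <public-or-dmz-address-of-your-server>")
    for port, (name, state) in sorted(report(sys.argv[1]).items()):
        print(f"{port:>4} {name:<15} {state:<9} {HINTS[state]}")
```

Comparing the output from the internet side with the output from the router or inside network shows at which hop the ports stop answering.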
