MezzutOzil
asked on
Why are the hosted services not working in ASA firewall?
This is a new setup of a Cisco ASA 5520 firewall. We are using ASDM 6.4 to administer it. The ASA version is 8.4(1). This is a simple setup, with 2 interfaces: outside and inside. All the users can surf the internet and ping without problems. The problem is that a group of hosted services offered by the MS Exchange server doesn't seem to work. This is how I configured it: one access rule and one NAT rule. Please see the attached.
I would appreciate it if changes are shown in GUI mode.
Config.txt
Cisco-ASA-NATRules.bmp
Cisco-ASA-accessrules.bmp
ASKER
Hi MikeKane,
In my case, does it mean that I have to use this one:
The following example configures static NAT for the real host 1.1.1.1 on the inside to 2.2.2.2 on the outside with DNS rewrite enabled.
hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 1.1.1.1
hostname(config-network-object)# nat (inside,outside) static 2.2.2.2 dns
A few questions:
1. This is to translate inside host 1.1.1.1 to outside host 2.2.2.2, isn't it?
2. My first objective is to host my Exchange server with port 25. Does this mean that I need to have 1 access rule to permit port 25 traffic to 2.2.2.2, and secondly, that I have to run the above command to create 1 NAT rule?
3. My second objective is that whenever host 1.1.1.1 wants to send mail to any internet mail server, it has to pose as host 2.2.2.2. Does any extra command need to be applied?
Thanks in advance.
ASKER CERTIFIED SOLUTION
ASKER
It works.
In Match Crit Original Packet:
Source int: inside, Dest Int: outside, Source: Server-SGSI, Dest: Any. Action Trans: Source: server-SGSI, Dest, PublicIP.
Source int: outside, Dest int: inside, source: any, destination PublicIP, the rest is OK.
http://www.fir3net.com/Cisco-ASA/how-to-configure-nat-of-asa-83.html
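A CLI sketch of the inbound SMTP publishing asked about in questions 2 and 3 above, added here as an example; it is not the thread's accepted solution or the asker's actual configuration. It reuses the 1.1.1.1 / 2.2.2.2 addresses and the object name from the quoted documentation example; the ACL name outside_access_in and the test source 203.0.113.10 are assumptions.

```cisco
! ASA 8.3 and later (including 8.4(1)): object NAT plus an interface ACL.
! 1.1.1.1 = real inside address of the mail server (from the quoted doc example)
! 2.2.2.2 = mapped outside address (from the quoted doc example)

object network my-host-obj1
 host 1.1.1.1
 ! Static object NAT is bidirectional: inbound traffic to 2.2.2.2 is
 ! untranslated to 1.1.1.1, and traffic the server originates leaves
 ! the outside interface sourced from 2.2.2.2.
 nat (inside,outside) static 2.2.2.2

! From 8.3 onward the interface ACL is matched against the REAL address,
! because the destination is untranslated before the ACL check.
! A pre-8.3 style rule written against the mapped address does not match:
!   access-list outside_access_in extended permit tcp any host 2.2.2.2 eq smtp
! The rule that matches references the real host (here via its object):
access-list outside_access_in extended permit tcp any object my-host-obj1 eq smtp

! Bind the ACL to inbound traffic on the outside interface
! (ACL name is an assumption).
access-group outside_access_in in interface outside

! Checks from the CLI (203.0.113.10 / port 12345 are a constructed test source):
!   show nat
!   show xlate
!   packet-tracer input outside tcp 203.0.113.10 12345 2.2.2.2 25
! packet-tracer takes the mapped address as the destination on the outside
! interface; its output lists the UN-NAT and ACCESS-LIST phases, which shows
! whether the drop is in translation or in the access rule.
```

Scoping the permit to port 25 on the single server object, rather than permitting ip to the host, keeps the published surface limited to SMTP.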