Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Cisco ASA 5505 and MS Exchange Server
Posted on 2013-01-03
Since we lost the password for our WAN Checkpoint FW, I am replacing it with an ASA5505. To start with, I keeping it wide open “permit ip any any” as it is a secured private MPLS between our sits only. Everything is working fine, can ping systems between sites and RDP computers etc… except that our MS Exchange Server not working or communicating with the primary exchange server in other site to send or receive any emails… But I can ping and RDP both servers from both end.
Since it is wide open “permit ip any any”; anything else I need to permit/configure in ASA 5505 for the MS Exchange traffic to pass through?
Since it is wide open “permit ip any any”; anything else I need to permit/configure in ASA 5505 for the MS Exchange traffic to pass through?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
4 Comments
Since ASA using "inspect" I tried the following, still not working..
conf t
policy-map global_policy
class inspection_default
no inspect esmtp
--------------------------
access-list FromOutside extended permit ip any any
access-list FromOutside extended permit esp any any
access-list FromOutside extended permit udp any eq isakmp any
access-list FromOutside extended permit udp any eq 4500 any
access-list FromInside extended permit ip any any
************************
global (outside) 1 interface
nat (inside) 0 access-list nonat_acl
access-group FromInside in interface inside
access-group FromOutside in interface outside
**************************
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
conf t
policy-map global_policy
class inspection_default
no inspect esmtp
--------------------------
access-list FromOutside extended permit ip any any
access-list FromOutside extended permit esp any any
access-list FromOutside extended permit udp any eq isakmp any
access-list FromOutside extended permit udp any eq 4500 any
access-list FromInside extended permit ip any any
************************
global (outside) 1 interface
nat (inside) 0 access-list nonat_acl
access-group FromInside in interface inside
access-group FromOutside in interface outside
**************************
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Thanks gdewrell
Acutally it has to do with fixup/inspect. I just need to power off and power on after the changes. It is working now.
Acutally it has to do with fixup/inspect. I just need to power off and power on after the changes. It is working now.
conf t
policy-map global_policy
class inspection_default
no inspect esmtp
wr
power off and on worked. Thanks gdewrell.
http://support.microsoft.com/kb/161931
http://support.microsoft.com/kb/176466
policy-map global_policy
class inspection_default
no inspect esmtp
wr
power off and on worked. Thanks gdewrell.
http://support.microsoft.com/kb/161931
http://support.microsoft.com/kb/176466
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article will help to fix the below errors for MS Exchange Server 2013
I. Certificate error "name on the security certificate is invalid or does not match the name of the site"
II. Out of Office not working
III. Make Internal URLs and Externa…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Servers >> Certificates…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:
• Key questions to ask when considering a partnership to accelerate your business into the cloud
• Pitfalls and mistakes other partners…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 10 hours left to enroll
636 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.