Avatar of Mike
Mike
 asked on

Cisco ASA 5505 and MS Exchange Server

Since we lost the password for our WAN Checkpoint FW, I am replacing it with an ASA5505. To start with, I keeping it wide open “permit ip any any” as it is a secured private MPLS between our sits only. Everything is working fine, can ping systems between sites and RDP computers etc… except that our MS Exchange Server not working or communicating with the primary exchange server in other site to send or receive any emails… But I can ping and RDP both servers from both end.

Since it is wide open “permit ip any any”; anything else I need to permit/configure in ASA 5505 for the MS Exchange traffic to pass through?
CiscoWindows Server 2003Exchange

Avatar of undefined
Last Comment
Mike

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Gary Dewrell

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Mike

ASKER
Since ASA using "inspect" I tried the following, still not working..

conf t
policy-map global_policy
class inspection_default
no inspect esmtp

-----------------------------------



access-list FromOutside extended permit ip any any

access-list FromOutside extended permit esp any any

access-list FromOutside extended permit udp any eq isakmp any

access-list FromOutside extended permit udp any eq 4500 any

access-list FromInside extended permit ip any any


************************

global (outside) 1 interface

nat (inside) 0 access-list nonat_acl

access-group FromInside in interface inside

access-group FromOutside in interface outside

***************************

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp
             
  inspect skinny

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global
Mike

ASKER
Thanks gdewrell

Acutally it has to do with fixup/inspect. I just need to power off and power on after the changes.  It is working now.
Mike

ASKER
conf t
policy-map global_policy
class inspection_default
no inspect esmtp
wr

power off and on worked.  Thanks gdewrell.

http://support.microsoft.com/kb/161931
http://support.microsoft.com/kb/176466
Your help has saved me hundreds of hours of internet surfing.
fblack61