asked on
Cisco ASA 5505 and MS Exchange Server
Since we lost the password for our WAN Checkpoint FW, I am replacing it with an ASA5505. To start with, I keeping it wide open “permit ip any any” as it is a secured private MPLS between our sits only. Everything is working fine, can ping systems between sites and RDP computers etc… except that our MS Exchange Server not working or communicating with the primary exchange server in other site to send or receive any emails… But I can ping and RDP both servers from both end.
Since it is wide open “permit ip any any”; anything else I need to permit/configure in ASA 5505 for the MS Exchange traffic to pass through?
Since it is wide open “permit ip any any”; anything else I need to permit/configure in ASA 5505 for the MS Exchange traffic to pass through?
CiscoWindows Server 2003Exchange
Last Comment
Mike
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
Thanks gdewrell
Acutally it has to do with fixup/inspect. I just need to power off and power on after the changes. It is working now.
Acutally it has to do with fixup/inspect. I just need to power off and power on after the changes. It is working now.
ASKER
conf t
policy-map global_policy
class inspection_default
no inspect esmtp
wr
power off and on worked. Thanks gdewrell.
http://support.microsoft.com/kb/161931
http://support.microsoft.com/kb/176466
policy-map global_policy
class inspection_default
no inspect esmtp
wr
power off and on worked. Thanks gdewrell.
http://support.microsoft.com/kb/161931
http://support.microsoft.com/kb/176466
Your help has saved me hundreds of hours of internet surfing.
fblack61
conf t
policy-map global_policy
class inspection_default
no inspect esmtp
--------------------------
access-list FromOutside extended permit ip any any
access-list FromOutside extended permit esp any any
access-list FromOutside extended permit udp any eq isakmp any
access-list FromOutside extended permit udp any eq 4500 any
access-list FromInside extended permit ip any any
************************
global (outside) 1 interface
nat (inside) 0 access-list nonat_acl
access-group FromInside in interface inside
access-group FromOutside in interface outside
**************************
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global