Question about an ACL

Answered Question
Dec 6th, 2007

I have an ASA and I have a config question. I already have an ACL in place that allows only SMTP traffic from our email provider. I also have a NAT translation to our Exchange server for that. My question is: how do I configure OWA (using port 25 and 443) for all outside addresses when I already have an ACL only allowing that traffic from my email provider? Also, how do I set the NAT translation up? Thanks.

acomiskey Thu, 12/06/2007 - 11:57

Why do you need port 25 for OWA?


If you indeed do need it, there is no way to allow SMTP from only your email provider and then allow it from outside addresses. Maybe I'm not understanding the situation properly.


To set it up for 443, simply add another entry to your ACL. Whether or not you need another NAT translation depends on your current static statement. Could you post it?

mike.feeney Thu, 12/06/2007 - 12:58

Maybe I'm incorrect in thinking I need SMTP for OWA.


static (inside,outside) tcp interface smtp 10.132.129.94 smtp netmask 255.255.255.255

Correct Answer
acomiskey Thu, 12/06/2007 - 13:02

New Static:

static (inside,outside) tcp interface https 10.132.129.94 https netmask 255.255.255.255


New ACL entry:

access-list outside_access_in permit tcp any interface outside eq https
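
An added example (not part of the thread and not Cisco tooling): a small first-match evaluator for the resulting access list, to confirm that opening HTTPS to any source leaves SMTP restricted to the provider. The SMTP access-list entry and the provider address 192.0.2.25 are constructed placeholders, and only the simple `tcp <source> interface outside eq <port>` entry form is parsed.

```python
import ipaddress
# Constructed sample: the statics and the HTTPS entry are from the thread; the SMTP
# ACL entry and the provider address 192.0.2.25 are placeholders (assumptions).
CONFIG = """\
static (inside,outside) tcp interface smtp 10.132.129.94 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 10.132.129.94 https netmask 255.255.255.255
access-list outside_access_in permit tcp host 192.0.2.25 interface outside eq smtp
access-list outside_access_in permit tcp any interface outside eq https
"""
PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}

def port_number(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def parse_acl(config, name):
    """Return [(action, source_network, port)] for 'tcp <src> interface <if> eq <port>' entries."""
    rules = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 9 or t[:2] != ["access-list", name] or t[3] != "tcp":
            continue
        if t[4] == "any":
            src, rest = ipaddress.ip_network("0.0.0.0/0"), t[5:]
        elif t[4] == "host":
            src, rest = ipaddress.ip_network(t[5] + "/32"), t[6:]
        else:  # "<address> <netmask>" form
            src, rest = ipaddress.ip_network(f"{t[4]}/{t[5]}"), t[6:]
        if len(rest) != 4 or rest[0] != "interface" or rest[2] != "eq":
            raise ValueError("unsupported ACL entry: " + line)
        rules.append((t[2], src, port_number(rest[3])))
    return rules

def evaluate(rules, src_ip, dst_port):
    addr = ipaddress.ip_address(src_ip)
    for action, net, port in rules:  # first matching entry wins
        if addr in net and port == dst_port:
            return action
    return "deny"  # implicit deny at the end of every ACL

def forwarded_ports(config):  # outside-interface ports that have a static port translation
    return {port_number(t[4]) for t in map(str.split, config.splitlines())
            if t[:4] == ["static", "(inside,outside)", "tcp", "interface"]}

def open_to_any(rules):
    return sorted(p for action, net, p in rules if action == "permit" and net.prefixlen == 0)

if __name__ == "__main__":
    acl = parse_acl(CONFIG, "outside_access_in")
    print([evaluate(acl, s, p) for s, p in [("198.51.100.7", 443), ("198.51.100.7", 25), ("192.0.2.25", 25)]])
```

Only port 443 should appear in `open_to_any`; if 25 shows up there, the SMTP restriction has been lost.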

