Solved: Question about an ACL

mike.feeney · ‎12-06-2007

I have an ASA and I have a config question. I already have an ACL in place that allows only smtp traffic from our email provider. I also have a NAT translation to our exchange server for that. My question is- How do I configure OWA (using port 25 and 443) for all outside addresses when I already have an acl only allowing that traffic from my email provider? Also how do I set the NAT translation up? Thanks.

acomiskey · ‎12-06-2007

New Static:

static (inside,outside) tcp interface https 10.132.129.94 https netmask 255.255.255.255

New acl entry:

access-list outside_access_in permit tcp any interface outside eq https

View solution in original post

acomiskey · ‎12-06-2007

Why do you need port 25 for owa?

If you indeed do need it there is no way to allow smtp from only your email provider, then allow it from outside addresses. Maybe I'm not understanding the situation properly.

To set it up for 443, simply add another entry to your acl. Whether or not you need another nat translation depends on your current static statement. Could you post it?

mike.feeney · ‎12-06-2007

Maybe I'm incorrect in thinking I need SMTP for OWA.

static (inside,outside) tcp interface smtp 10.132.129.94 smtp netmask 255.255.255.255

acomiskey · ‎12-06-2007

New Static:

static (inside,outside) tcp interface https 10.132.129.94 https netmask 255.255.255.255

New acl entry:

access-list outside_access_in permit tcp any interface outside eq https

mike.feeney · ‎12-06-2007

Thank you.