Unanswered Question
Jan 8th, 2009

I have ASA5505 as firewall and VPN. I have two questions.

1. My Exchange is internal. I want to use port forwarding to forward all tcp 25 traffic to Exchange server. How can I do that? I can't figure it out.

2. With VPN connected, user can not browse Internet and sending/receiving email. It seems port 80/25/110 has been closed. but don't know where to open them.

Any help will be appreciated!

Thanks in advance!


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Fri, 01/09/2009 - 07:47


1. Try the following command-

static (inside,outside) tcp 25 [public IP or interface name] 25 [IP of Exchange Server] netmask


static (inside,outside) tcp interface 25 25 netmask

or using a public IP

static (inside,outside) tcp 25 25 netmask

You'll have to adjust your firewall ACL to allow it through as well-


access-list external-interface extended permit tcp any host eq smtp

2. This depends on the VPN config. You're probably tunneling all traffic and then you don't have a NAT/ACL block or something not allowing VPN users to be able to get to the internet.

Hope that helps.


This Discussion