Cisco ASA 5505

Unanswered Question
Nov 26th, 2009

Hi to all,

I have a Cisco ASA 5510 & a MS Exchange 2003. I enabled OWA & access it thru https://sample.com/owa using different Internet connection.

I can access it locally thru https://192.168.1.1/owa. My question is, is it posible to use the https://sample.com/owa instead of  https://192.168.1.1/owa in the INSIDE interface? How will I do it? What commands will I add to my configuration. Thanks...

Regards,

Raymond

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mhankus Thu, 11/26/2009 - 10:28

I assume that your Exchange is nat'ed using static translation. It should wokr in the way you want if:

1. You enable inspection of dns queries (using "inspect dns" in global_policy)

2. DNS server for sample.com domain is located on outside interface (so the DNS answer for "sample.com" query has a chance to be translated to 192.168.1.1).

Post your config so I can tell you what to change.

Best regards

  mirek

Kent Heide Thu, 11/26/2009 - 10:51

Or you can do;

# for outside

static (dmz, outside) netmask 255.255.255.255

# for internal

static (dmz, inside) netmask 255.255.255.255

Which will translate for you.

mon_samonte Thu, 11/26/2009 - 23:17

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Thanks for your reply.

Below is my current configuration.

access-list 101 extended permit tcp any host 20x.x.x.164 eq https

access-list 101 extended permit tcp any host 20x.x.x.164 eq smtp

access-list 101 extended permit icmp any host 20x.x.x.164

access-group 101 in interface outside

static (inside,outside) 20x.x.x.x 192.168.1.4 netmask 255.255.255.255

Email Server: 192.168.1.4

Public IP of Email Server: 20x.x.x.164

Internet--->ASA5505---->Switch----->PC/Email Server

I've already try changing the NAT configuration (pls see below)

from "static (inside,outside) 20x.x.x.x 192.168.1.4 netmask 255.255.255.255"

to this "static (inside,outside) 20x.x.x.x 192.168.1.4 netmask 255.255.255.255 dns"

But still no luck.

I tried the ASDM Packet tracer & the result is Packets are drop when I use https://sample.com/owa instead of https://192.168.1.4/owa on the INSIDE interface.

Best Regards,

Raymond

manfernandez Sun, 11/29/2009 - 09:31

Make sure that the IIS server is not bound to the Internal IP only.  I had a simialr issue and changed it to

be bound to all IPs.

You should try to do a capture with the ASDM capture wizard and see what is goign on. Make sure that you are coming in from the outside when trying to hit the site as well.

Actions

This Discussion