Cisco ASA 5505

Unanswered Question
Nov 26th, 2009
User Badges:

Hi to all,

I have a Cisco ASA 5510 & a MS Exchange 2003. I enabled OWA & access it thru using different Internet connection.

I can access it locally thru My question is, is it posible to use the instead of in the INSIDE interface? How will I do it? What commands will I add to my configuration. Thanks...



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mhankus Thu, 11/26/2009 - 10:28
User Badges:

I assume that your Exchange is nat'ed using static translation. It should wokr in the way you want if:

1. You enable inspection of dns queries (using "inspect dns" in global_policy)

2. DNS server for domain is located on outside interface (so the DNS answer for "" query has a chance to be translated to

Post your config so I can tell you what to change.

Best regards


Kent Heide Thu, 11/26/2009 - 10:51
User Badges:

Or you can do;

# for outside

static (dmz, outside) netmask

# for internal

static (dmz, inside) netmask

Which will translate for you.

mon_samonte Thu, 11/26/2009 - 23:17
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Thanks for your reply.

Below is my current configuration.

access-list 101 extended permit tcp any host 20x.x.x.164 eq https

access-list 101 extended permit tcp any host 20x.x.x.164 eq smtp

access-list 101 extended permit icmp any host 20x.x.x.164

access-group 101 in interface outside

static (inside,outside) 20x.x.x.x netmask

Email Server:

Public IP of Email Server: 20x.x.x.164

Internet--->ASA5505---->Switch----->PC/Email Server

I've already try changing the NAT configuration (pls see below)

from "static (inside,outside) 20x.x.x.x netmask"

to this "static (inside,outside) 20x.x.x.x netmask dns"

But still no luck.

I tried the ASDM Packet tracer & the result is Packets are drop when I use instead of on the INSIDE interface.

Best Regards,


manfernandez Sun, 11/29/2009 - 09:31
User Badges:

Make sure that the IIS server is not bound to the Internal IP only.  I had a simialr issue and changed it to

be bound to all IPs.

You should try to do a capture with the ASDM capture wizard and see what is goign on. Make sure that you are coming in from the outside when trying to hit the site as well.


This Discussion