ASA Static Natting

Unanswered Question
Jul 29th, 2010

Hello Dears,

Exchange 2010 comes with 3 servers: 2 servers for the internal network and 1 for the external network. The external server has 2 NIC cards: 1 in the DMZ (external) that will transfer mail to the outside world and 1 connected to the core switch (internal). What ports do I have to allow in the access-list and in the static NAT statement for this Exchange server?

I have to statically NAT the external server's external NIC IP address to a public IP with specific ports? Correct me if I'm wrong. I'm pretty sure SMTP and POP3, and any more port numbers.

I have to add a static route for the internal network on the Exchange server which is on the DMZ network because Microsoft doesn't accept 2 default gateways.

August Ritchie Thu, 07/29/2010 - 13:54

** This all assumes that you are running 8.2 or lower**

I'm not exactly sure about which ports are needed, but let me see if I can help get you started. If you want to receive/send traffic to the outside world you will need to configure static/access-lists to allow that traffic.

Here is a document on the list of the ports according to Microsoft.

Say my server is on the inside with an IP address of and I want to translate it to my open public IP of To do the static statement for pop3 it would look something like this

static (inside,outside) tcp 110 110 netmask

**note** If you want to use the outside IP address of the ASA to translate your server to you can use the interface keyword

static (inside,outside) tcp interface 110 110 netmask

For the access-list I would use something like:

access-list outside_access_in permit tcp any host eq 110

Then make sure that you have an access-group applied to the outside

access-group outside_access_in in interface outside

Hopefully this helps
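
The reply above pairs each static port translation with an access-list permit and an access-group on the outside interface. The following is an added example, not part of the original reply: a small Python check that reads ASA 8.2-style config lines and reports translations with no matching permit, and permits with no translation behind them. On 8.2 and lower the outside ACL matches the translated (public) address, which is what the check compares. The addresses, the `audit` function name and the sample config are constructed for illustration, and the `interface` keyword form of the static is not handled.

```python
import re

# Constructed sample in ASA 8.2 syntax. 192.0.2.10 (public) and 10.1.1.10
# (server) are placeholder addresses, not values from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 192.0.2.10 110 10.1.1.10 110 netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.10 25 10.1.1.10 25 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 192.0.2.10 eq 110
access-list outside_access_in extended permit tcp any host 192.0.2.10 eq 443
access-group outside_access_in in interface outside
"""

# ASA prints well-known ports by name in the running config.
PORT_NAMES = {"smtp": 25, "pop3": 110, "imap4": 143, "www": 80, "https": 443}

STATIC_RE = re.compile(r"static \(\S+,(\S+)\) tcp (\S+) (\S+) \S+ \S+ netmask")
ACL_RE = re.compile(r"access-list (\S+) (?:extended )?permit tcp any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")

def port(token):
    return PORT_NAMES.get(token) or int(token)

def audit(config, outside="outside"):
    """Return findings where static PAT entries and the outside ACL disagree."""
    statics, permits, bound = set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            if m.group(1) == outside:          # mapped interface is the outside
                statics.add((m.group(2), port(m.group(3))))
        elif m := ACL_RE.match(line):
            permits.setdefault(m.group(1), set()).add((m.group(2), port(m.group(3))))
        elif m := GROUP_RE.match(line):
            if m.group(2) == outside:
                bound = m.group(1)
    findings = []
    if bound is None:
        findings.append(f"no access-group applied inbound on {outside}")
    allowed = permits.get(bound, set())
    for ip, p in sorted(statics - allowed):
        findings.append(f"static {ip}:{p} has no matching permit (service unreachable)")
    for ip, p in sorted(allowed - statics):
        findings.append(f"permit {ip}:{p} has no static PAT (stale or unintended rule)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
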

