Having great trouble trying to get my online mail filtering service to sync with LDAP through the Cisco ASA 5505.
Please see below for firewall entries.
access-list outside extended permit tcp host GFI1 host SMTP eq ldap
static (inside,outside) tcp SMTP ldap SERVER ldap netmask 255.255.255.255
The below error gets logged on the ASA.
Deny tcp src outside:184.108.40.206/42946 dst inside:SMTP/389 by access-group "outside" [0x0, 0x0]
Have I done something wrong, or am I missing some config entries?
The server is SBS2008 with LDS installed and configured.
Names are only used for hosts, so they don't accept a subnet mask. In the example you provided, the ASA will try to match the packet to 220.127.116.11.
If you want to specify full subnets, you can use object-groups:
object-group network GFI1
network-object 18.104.22.168 255.255.255.0
You'll also need to adjust your access-list to use the object-group like this:
access-list outside extended permit tcp object-group GFI1 host SMTP eq ldap
Hope that helps.
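As an added illustration of the answer's point (example code written for this page, not ASA code or anything from the original thread): a small Python model of how the two ACEs above are matched against a packet. The addresses are constructed from TEST-NET-3 and RFC 1918 space; the assumption is that the name GFI1 resolves to one host while the filtering service connects from a different address in the same /24, which is exactly the case where `host` denies and `object-group` permits.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed values (not the thread's real addresses): an ASA "name" is a single
# host, while the object-group covers the whole /24 the service connects from.
NAMES: Dict[str, str] = {"GFI1": "203.0.113.10", "SMTP": "10.0.0.25"}
OBJECT_GROUPS: Dict[str, List[ipaddress.IPv4Network]] = {
    # object-group network GFI1 / network-object 203.0.113.0 255.255.255.0
    "GFI1": [ipaddress.ip_network("203.0.113.0/24")],
}
LDAP_PORT = 389


def parse_ace(ace: str) -> Tuple[str, Tuple[str, str], Tuple[str, str], int]:
    """Parse the two ACE shapes used in the thread:
    access-list NAME extended permit tcp <src> <dst> eq ldap
    where <src>/<dst> is 'host NAME' or 'object-group NAME'."""
    t = ace.split()
    action = t[3]
    src = (t[5], t[6])
    dst = (t[7], t[8])
    port = LDAP_PORT if t[-1] == "ldap" else int(t[-1])
    return action, src, dst, port


def matches(kind: str, ref: str, addr: str) -> bool:
    """'host' compares against one address; 'object-group' tests subnet membership."""
    ip = ipaddress.ip_address(addr)
    if kind == "host":
        return ip == ipaddress.ip_address(NAMES.get(ref, ref))
    if kind == "object-group":
        return any(ip in net for net in OBJECT_GROUPS[ref])
    raise ValueError("unsupported address specifier: %s" % kind)


def evaluate(ace: str, src: str, dst: str, dport: int) -> str:
    """Return 'permit' or 'deny' for a TCP packet; an unmatched packet hits
    the implicit deny at the end of the access-list (the 'Deny tcp ... by
    access-group' line seen in the ASA log)."""
    action, (sk, sr), (dk, dr), port = parse_ace(ace)
    if matches(sk, sr, src) and matches(dk, dr, dst) and dport == port:
        return action
    return "deny"


HOST_ACE = "access-list outside extended permit tcp host GFI1 host SMTP eq ldap"
GROUP_ACE = "access-list outside extended permit tcp object-group GFI1 host SMTP eq ldap"
```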