Setup webmail with public IP on a ASA 5512x

Unanswered Question
Jun 4th, 2014
User Badges:

I have a 5512x Running ASA Ver 9.1(2) ASDM  Ver 7.1(3) and I am trying to figure out how to setup my companys Webmail, The webmail is on a public ip addres seperate from the address of the ASA, the request will be coming in the 0/0 port from the outside looking for the webmail address, so how would I set this up. with a static route or?

 

Thanks

Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smason1970 Wed, 06/04/2014 - 08:29
User Badges:

Could I add a nat rule and create a network object for the owa ip, say source interface outside destination int any, destination address OWA?  just a thought..:)

Lee Dress Wed, 06/04/2014 - 09:08
User Badges:

Create a network object with the inside IP Address of your OWA server (ie 192.168.1.150) and add a static nat

object network owa-server

 host 192.168.1.150
 nat (inside,outside) static interface service tcp https https

then create an access rule to allow outside traffic to be directed to that server

access-list outside_access_in extended permit tcp any host 192.168.3.150 eq https

that should be all you need. then to access the server, just type in your public IP Address i.e. https://10.10.10.10/owa  (or if you have dns setup, you would do https://owa.mycompany.com/owa  and you should be good.

Hope this helps.

Lee

smason1970 Wed, 06/04/2014 - 14:09
User Badges:

Ok thanks for that reply I havent tried it yet , I went live with this after work and our echange can send email but not recive. strange

Marvin Rhoads Wed, 06/04/2014 - 14:33
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Even though your client sends and receives with https when using OWA, the server also needs to be able to receive mail (from external servers) via smtp (tcp/25). So add an ACL entry to the outside_access_in list above with "eq smtp" at the end. e.g.:

access-list outside_access_in extended permit tcp any host 192.168.3.150 eq smtp

Actions

This Discussion