Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA5505

I have ASA5505 as firewall and VPN. I have two questions.

1. My Exchange is internal. I want to use port forwarding to forward all tcp 25 traffic to Exchange server. How can I do that? I can't figure it out.

2. With VPN connected, user can not browse Internet and sending/receiving email. It seems port 80/25/110 has been closed. but don't know where to open them.

Any help will be appreciated!

Thanks in advance!

Grace

1 REPLY

Re: ASA5505

Grace-

1. Try the following command-

static (inside,outside) tcp 25 [public IP or interface name] 25 [IP of Exchange Server] netmask 255.255.255.255

EXAMPLES

static (inside,outside) tcp interface 25 192.168.1.10 25 netmask 255.255.255.255

or using a public IP

static (inside,outside) tcp 69.222.73.15 25 192.168.1.10 25 netmask 255.255.255.255

You'll have to adjust your firewall ACL to allow it through as well-

EXAMPLE

access-list external-interface extended permit tcp any host 69.222.73.15 eq smtp

2. This depends on the VPN config. You're probably tunneling all traffic and then you don't have a NAT/ACL block or something not allowing VPN users to be able to get to the internet.

Hope that helps.

161
Views
0
Helpful
1
Replies
CreatePlease to create content