static (inside,outside) tcp 193.***.***.*** pop3 192.168.***.*** pop3 netmask 255.255.255.255
I have a NAT rule set up to convert the internal IP of the AD domain controller in the same way as for Exchange
static (inside,outside) tcp 193.***.***.*** ldap 192.168.***.*** ldap netmask 255.255.255.255
and obviously a corresponding ACL entry
access-list acl_out extended permit tcp object-group Mimecast_email eq ldap host 193.***.***.*** eq ldap
Anyway, when I try and synchronise from Mimecast I get the following error -
ERROR|Connection Error - Active Directory login failed
There is a Mimecast login set up within our AD and it is in the correct format, but when I try the synchronisation I don't even get any traffic showing on the log of the ASA.
I would suggest that you check to see if you are seeing any hit count on the acl_out access-list for the LDAP synchronization specifically. If there is no hit count, that means that the traffic is not even coming in towards the firewall.
You might want to check if it's probably using LDAPS instead of plain LDAP, which is on a different port.
Lastly, you might want to run a packet capture on the outside interface of the ASA with an ACL between the AD public IP address towards any, and the reverse, to see if any packets are coming inbound towards the AD.
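The three checks in the answer above, written out as an added ASA CLI walkthrough that is not part of the original thread. It keeps the pre-8.3 `static` syntax the question uses; `193.x.x.x` and `192.168.x.x` stand in for the masked public and private addresses, and the capture name `CAP_AD` is an assumption. Step 2 also points out something visible in the posted ACL: the rule carries `eq ldap` on the source side as well as the destination side, so it only matches connections whose source port is 389, which a client connecting from an ephemeral port will never produce.

```cisco
! Added troubleshooting example (not from the original post).
! 193.x.x.x = masked AD public IP, 192.168.x.x = masked AD internal IP.

! 1. Does the existing rule ever match? hitcnt=0 means Mimecast's traffic
!    is not reaching the outside interface at all.
show access-list acl_out | include ldap

! 2. The posted rule constrains the *source* port ("eq ldap" after the
!    object-group). Clients use ephemeral source ports, so replace it with
!    a rule that constrains only the destination port.
no access-list acl_out extended permit tcp object-group Mimecast_email eq ldap host 193.x.x.x eq ldap
access-list acl_out extended permit tcp object-group Mimecast_email host 193.x.x.x eq ldap

! 3. If the connector is configured for LDAPS (tcp/636), a matching static
!    and ACL entry are needed, in the same style as the existing pop3/ldap ones.
static (inside,outside) tcp 193.x.x.x ldaps 192.168.x.x ldaps netmask 255.255.255.255
access-list acl_out extended permit tcp object-group Mimecast_email host 193.x.x.x eq ldaps

! 4. Capture on the outside interface in both directions for the AD public IP,
!    so "SYN never arrives" can be told apart from "SYN arrives but is dropped".
access-list CAP_AD extended permit tcp any host 193.x.x.x eq ldap
access-list CAP_AD extended permit tcp host 193.x.x.x eq ldap any
access-list CAP_AD extended permit tcp any host 193.x.x.x eq ldaps
access-list CAP_AD extended permit tcp host 193.x.x.x eq ldaps any
capture CAP_AD access-list CAP_AD interface outside

! Trigger the Mimecast directory sync, then inspect:
show capture CAP_AD

! Remove the capture and its ACL afterwards so they do not linger in the config.
no capture CAP_AD
clear configure access-list CAP_AD
```

If step 1 shows a zero hit count and step 4 shows no inbound packets from the Mimecast ranges, the problem is upstream of the ASA (the connector's target address or port, or a filter in front of the firewall); inbound SYNs with no reply from the inside point instead at the NAT entry or at the domain controller itself.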