Cisco Support Community

Is this a firewall issue?

Hi All,

I have an ASA 5540 with 3 interfaces

Outside

DMZ

Inside

I have a Windows server in the DMZ that has the Outlook client installed, which connects to my Exchange server on the inside, and I am allowing the following protocols between the two machines:

tcp 135

dns 53

high port 1024 - 1500

Everything works; however, maybe every third time the client opens, the client says it cannot contact the server and to click retry. When I click retry it connects fine.

I have opened up the rule for IP but still the same problem. I have done a packet capture between the 2 hosts, which I have attached, and have broken down the capture into a successful connection and an interrupted connection.

When they connect the server directly to the inside of the network and connect to Exchange, they never get prompted to retry.

There is no inspect configured on the firewall.

Anyone got any ideas?

8 REPLIES
New Member

Re: Is this a firewall issue?

Beyond the packet capture, I would post a clean config (fake IPs) of the firewall/NAT rules.

Re: Is this a firewall issue?

Sounds like you are getting a timeout for SMTP traffic. Try removing the fixup ESMTP command. Also look for interface errors / duplex and speed issues on the firewall.

Francisco.

New Member

Re: Is this a firewall issue?

Have checked the interface on the machine/switch for interface errors and there are none. Also no inspect configured.

Re: Is this a firewall issue?

Is just your Outlook application affected? What is the software version on the ASA?

I think you should post a network diagram and post your fw config.

Francisco.

New Member

Re: Is this a firewall issue?

Yeah, just the Outlook, and it's version 7.0(6).

The config is a bit of a nightmare as it's all objects and groups, but it's a basic ACL between the 2 with a no nat rule.

Re: Is this a firewall issue?

Version is old. Upgrading might fix your problem.

New Member

Re: Is this a firewall issue?

Yeah, will probably do so, just seeing what Cisco TAC come back with.

Re: Is this a firewall issue?

Let us know the outcome and if you need help with something else.

Francisco.
