Re: problem with asa5520 exchange access Active Directory
I'm not sure what Exchange topology you use but here are the ports required for an Exchange FE - BE topology:
If you are using a front-end server in a perimeter network open TCP ports on the firewall for the protocols you are using:
80 for HTTP
143 for IMAP
110 for POP
25 for SMTP
691 for Link State Algorithm routing protocol
Open ports for Active Directory Communication:
TCP port 389 for LDAP to Directory Service
UDP port 389 for LDAP to Directory Service
TCP port 3268 for LDAP to Global Catalog Server
TCP port 88 for Kerberos authentication
UDP port 88 for Kerberos authentication
Open the ports required for access to the DNS server:
TCP port 53
UDP port 53
Open the appropriate ports for RPC communication:
TCP port 135 - RPC endpoint mapper
TCP ports 1024+ - random RPC service ports
(Optional) To limit RPCs across the intranet firewall, edit the registry on servers in the intranet to specify RPC traffic to a specific non random port. Then, open the appropriate ports on the internal firewall:
TCP port 135 - RPC endpoint mapper
TCP port 1600 (example) - RPC service port
If you use IPSec between the front-end and back-end, open the appropriate ports. If the policy you configure only uses AH, you do not need to allow ESP, and vice versa.
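The port list above translated into an ASA access list for a DMZ front-end, as an added example that is not the poster's configuration: the host addresses, interface name `dmz`, object names and the fixed RPC port 1600 are all assumptions, and the fixed port presumes the registry change described above so that the 1024+ range does not have to be opened.

```cisco
! Added example, not from the original post: ASA ACL for an Exchange
! front-end in the DMZ reaching the back-end and AD on the inside.
! Addresses, interface names and the RPC port 1600 are placeholders.
object-group network EXCHANGE-FE
 network-object host 192.0.2.10
object-group network EXCHANGE-BE
 network-object host 198.51.100.10
object-group network DOMAIN-CONTROLLERS
 network-object host 198.51.100.20
 network-object host 198.51.100.21
! Client protocols proxied to the back-end, plus link state and RPC
object-group service EXCHANGE-FE-BE-TCP tcp
 port-object eq www
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
 port-object eq 691
 port-object eq 135
 port-object eq 1600
! LDAP, Global Catalog, Kerberos and DNS; TCP and UDP kept separate
object-group service AD-TCP tcp
 port-object eq 389
 port-object eq 3268
 port-object eq 88
 port-object eq 53
object-group service AD-UDP udp
 port-object eq 389
 port-object eq 88
 port-object eq 53
access-list DMZ-IN extended permit tcp object-group EXCHANGE-FE object-group EXCHANGE-BE object-group EXCHANGE-FE-BE-TCP
access-list DMZ-IN extended permit tcp object-group EXCHANGE-FE object-group DOMAIN-CONTROLLERS object-group AD-TCP
access-list DMZ-IN extended permit udp object-group EXCHANGE-FE object-group DOMAIN-CONTROLLERS object-group AD-UDP
! Explicit logged deny so anything outside the list shows up in syslog
access-list DMZ-IN extended deny ip any any log
access-group DMZ-IN in interface dmz
```

Verify the result with `show access-list DMZ-IN` and watch the hit counts on the deny line while the front-end is exercised; a climbing count points at a port the list is missing.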