Cisco Support Community
Community Member

MS Outlook failed to connect to mail server from DMZ interface on ASA 5520

My device has 3 interfaces configured: inside, outside, DMZ. Right now I can access the mail server, which is on the DMZ interface, from the Internet using its domain name. The issue is that when users configure MS Outlook with the FQDN (e.g. mail.test.com) as the incoming and outgoing mail server, Outlook fails to connect, but when using its internal IP address 10.10.1.5, which is the mail server's IP address, it works fine. Are there any special statements I need to add to the ASA, such as NAT or ACLs, to make this work? My LAN is 192.168.1.0/24 and the DMZ is 10.10.1.0/24. My mail server IP address is 10.10.1.5/24.

9 REPLIES
Community Member

Hi,

As I understand, your mail server is located in the DMZ, and users are trying to connect to it via the inside interface of the ASA? Is DNS itself configured to resolve the DMZ IP address of the server back to the internal network (which is connected to the inside interface of the ASA)? What configuration do you have on both interfaces? Is there any ACL applied? Do you have routing between those interfaces?

Community Member

Yes Maxg11771,

See the attached configurations from the ASA.

NB: 192.168.1.254/24 is the proxy IP address. All users are forced to use the proxy in order to go to the Internet.

Community Member

James,

And when you do an nslookup of the mentioned DNS name on a client machine with MS Office installed, what IP does it resolve to?

Community Member

C:\Windows\system32>nslookup mail1.test.co.tz
Server:  ftp.test.co.tz
Address:  196.44.149.254

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    mail1.test.co.tz
Address:  196.44.154.194

C:\Windows\system32>

Community Member

So you can see that it is not 10.10.1.5, as it should be. Is IP 196.44.154.194 configured on your server? What happens if you try to put it in as the IP address in the MS Outlook registration process? Are you able to access this IP via the inside interface?

It seems that you need to create an ACL allowing mail traffic between DMZ and inside interface.

Community Member

OK. The mail server has an IP of 10.10.10.5/24, which is mapped to public IP 196.44.154.194.

When I configure Outlook with the internal IP address, which is 10.10.10.5, it works fine at the office, but with the name (mail1.test.co.tz) is where the problem occurs.

And when I am outside the office, it works fine if I am using the name (mail1.test.co.tz).

Now I want to use the name instead of the IP address whether I am at the office or in the office.

Community Member

You have two ways:

1. Easy way - configure a local DNS server in the internal network (behind the inside interface) to resolve the DNS name mail1.test.co.tz to 10.10.10.5

2. Complicated way - create proper routing for 196.44.154.194 on the inside interface back to the DMZ
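
A way to verify the "easy way" from an inside client, as an added example that is not part of the original thread: it parses Windows nslookup output like the one posted above and reports whether the name resolves to the DMZ address or still to the public mapped address. The DMZ network 10.10.10.0/24 follows the later replies, and the inside resolver name and address in the second sample are assumptions.

```python
import ipaddress
import re

# Constructed samples modelled on the nslookup output posted in this thread.
BEFORE = """Server:  ftp.test.co.tz
Address:  196.44.149.254

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
Name:    mail1.test.co.tz
Address:  196.44.154.194
"""
# Hypothetical inside resolver (its name and 192.168.1.10 are assumptions).
AFTER = """Server:  dns.inside.example
Address:  192.168.1.10

Name:    mail1.test.co.tz
Addresses:  10.10.10.5
"""

def parse_nslookup(text):
    """Return (resolver_ip, answer_ips) from Windows nslookup output."""
    resolver, answers, seen_name = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            seen_name = True  # every address after this line is an answer
            continue
        m = re.match(r"(?:Address(?:es)?:\s*)?([0-9A-Fa-f:.]+)$", line)
        if not m:
            continue  # timeouts, banners, blank lines
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # looked like an address but is not one
        if seen_name:
            answers.append(ip)
        elif resolver is None:
            resolver = ip  # the Address line under "Server:"
    return resolver, answers

def check_split_dns(text, dmz_net="10.10.10.0/24"):
    """'ok' if every answer is inside dmz_net, else 'public' or 'no-answer'."""
    net = ipaddress.ip_network(dmz_net)
    _, answers = parse_nslookup(text)
    if not answers:
        return "no-answer"
    return "ok" if all(ip in net for ip in answers) else "public"

if __name__ == "__main__":
    for label, out in (("before", BEFORE), ("after", AFTER)):
        print(label, check_split_dns(out))
```

A result of "public" means inside clients are still being handed the outside-mapped address, which is the case that fails from the office in this thread.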

Community Member

I will go with the easy way to configure local DNS. Thanks.

Community Member

As far as I know or think, the DNS server has a problem within the LAN; there might be a problem with its configuration. There must be a domain server within this LAN (DMZ) interface; you need to check whether the DNS server is running properly on it or not.

 

 

 
