Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

New to this, need help configuring

Ok, I recently picked up a cisco asa 5505. I've been using the ASDM tool to configure it. I've got the internet connection working but am having some trouble getting internet traffic to pass through to our mail server which is located on the local network. I've added a rule for it but it still won't work. What am I missing? A NAT entry or static route? Anyway it is pretty much a 192.168.1.x local network. The server we are trying to get to is We are trying to allow any outside internet traffic on port 25 to pass through to the local network.

Any help would be appreciated.

New Member

Re: New to this, need help configuring

Also here is my config. I haven't had the time to read the full docs yet as we are on a deadline to get this device online, also is the static route correct to allow internet access?:

: Saved


ASA Version 7.2(2)


hostname ciscoasa

domain-name xxx

enable password xxx



interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 0

ip address 64.136.239.XXX 255.255.255.XXX


interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


passwd xxx

ftp mode passive

dns server-group DefaultDNS

domain-name knightwatch.local

access-list outside_access_in extended permit tcp any host eq smtp

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1

access-group outside_access_in in interface outside

route outside 64.136.239.XXX 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside


dhcpd address inside

dhcpd dns 64.136.224.XXX 172.16.0.XXX interface inside

dhcpd domain knightwatch.local interface inside

dhcpd enable inside



class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global

prompt hostname context


: end

asdm image disk0:/asdm-522.bin

no asdm history enable

Hall of Fame Super Silver

Re: New to this, need help configuring


I have not looked at the config closely, but I see a major issue. If people outside are attempting to access the server then it needs an address that is accessible from outside. Any request from outside can not use address Usually this is handled with a static translation which translates from the address known outside to Try adding a static translation and let us know how it works.




Re: New to this, need help configuring

Just to add, you will also have to change your access-list to reflect the outside address, not the 192 address.

CreatePlease to create content