Hi all,
I have a network with two ingress/egress points and intend to install an ASA5512 at each. I installed one ASA (transparent) and allowed all traffic through in order to monitor for a period; however, email would not deliver from one of our Exchange servers to another. When I removed the ASA, the mail flowed again. Mail from other Exchange servers is unaffected when the ASA is in place. I've created a very basic diagram demonstrating the laydown of the network and showing the route costs, which explains how mail is routed. My suspicion is that this is because traffic from within the network is exiting via the point with no ASA and coming back in at the point where there is an ASA. I don't know enough about the device to put my finger on the problem, but I have a suspicion that this is the root cause of the issue. Even when adding a rule to specifically allow anything from the subnet which contains the mail server, the mail still won't flow.
I appreciate I've probably not formed a very good question or made myself clear, but I'm finding it hard to articulate it! Hopefully the diagram will help.
In short, when the transparent ASA is on, mail will get from Exchange Server Z to Exchange Server A, but mail from Exchange Server C will not reach Exchange Server A.