ASA Static Natting

estelamathew
Level 2

Hello Dears,

Exchange 2010 comes with 3 servers: 2 servers for the internal network and 1 for the external network. The external server has 2 NIC cards: 1 in the DMZ (external) that will transfer mail to the outside world and 1 connected to the core switch (internal). What ports do I have to allow in the access-list and in the static NAT statement for this Exchange server?

The external server's external NIC IP address I have to NAT statically to a public IP with specific ports? Correct me if I'm wrong. I'm pretty sure SMTP and POP3, and any more port numbers.

I have to add a static route for the internal network on the Exchange server which is on the DMZ network, because Microsoft doesn't accept 2 default gateways.


August Ritchie
Level 1

** This all assumes that you are running 8.2 or lower**

I'm not exactly sure about which ports are needed, but let me see if I can help get you started. If you want to receive/send traffic to the outside world you will need to configure static/access-lists to allow that traffic.

Here is a document on the list of the ports according to Microsoft.

http://technet.microsoft.com/en-us/library/bb331973.aspx

Say my server is on the inside with an IP address of 192.168.1.5 and I want to translate it to my open public IP of 99.9.9.9. To do the static statement for POP3 it would look something like this:

static (inside,outside) tcp 99.9.9.9 110 192.168.1.5 110 netmask 255.255.255.255

**note** If you want to use the outside IP address of the ASA to translate your server to, you can use the interface keyword:

static (inside,outside) tcp interface 110 192.168.1.5 110 netmask 255.255.255.255

For the access-list I would use something like:

access-list outside_access_in permit tcp any host 99.9.9.9 eq 110

Then make sure that you have an access-group applied to the outside:

access-group outside_access_in in interface outside

Hopefully this helps
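
The reply pairs each static port translation with an access-list permit and an access-group on the outside interface. As an added example (not part of the original thread), the Python below checks that pairing in a pre-8.3 config: it reports published ports that the bound ACL does not permit, and permits that no longer match a published port. The function names, the small port-name map and the sample config (including the 25 and 3389 lines) are constructed for illustration; only `static ... tcp` entries and `permit tcp any host <ip> eq <port>` lines are parsed.

```python
import re

# ASA prints some well-known ports by name in the running config.
PORT_NAMES = {"smtp": 25, "pop3": 110, "www": 80, "https": 443, "imap4": 143}

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) (\S+) netmask \S+")
ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit tcp any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def port(tok):
    """Accept either a port name or a number."""
    return PORT_NAMES.get(tok) or int(tok)


def audit(config, iface="outside"):
    """Compare static PAT entries mapped on `iface` with the ACL bound inbound to it."""
    published, permits, bound = set(), {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            if m.group(2) == iface:  # second name in (real,mapped) is the mapped interface
                published.add((m.group(3), port(m.group(4))))
        elif m := ACL_RE.match(line):
            permits.setdefault(m.group(1), set()).add((m.group(2), port(m.group(3))))
        elif m := GROUP_RE.match(line):
            if m.group(2) == iface:
                bound = m.group(1)
    allowed = permits.get(bound, set())  # no access-group means nothing is permitted
    return {
        "acl_bound": bound,
        "published_not_permitted": sorted(published - allowed),
        "permitted_not_published": sorted(allowed - published),
    }


# Constructed sample config using the addresses from the reply above.
SAMPLE = """\
static (inside,outside) tcp 99.9.9.9 pop3 192.168.1.5 pop3 netmask 255.255.255.255
static (inside,outside) tcp 99.9.9.9 25 192.168.1.5 25 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 99.9.9.9 eq 110
access-list outside_access_in permit tcp any host 99.9.9.9 eq 3389
access-group outside_access_in in interface outside
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A port under `published_not_permitted` will be dropped at the outside interface; an entry under `permitted_not_published` is a permit with no matching translation and is a candidate for removal.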
