Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Exchange 2000 behind ASA

I am running ASA 5510 in with 3 interfaces

E0/0 INTENET (Security Level 0)

E0/1 WAN (Security Level 100)

E0/2 LAN (Security Level 100)

I am using NAT for internet on LAN interface, no outgoing ACL, and nothing is open in terms of incoming. LAN and WAN interfaces are also NATTED to same addresses in order to talk to each other.

Everything works fine, except the exchange server sitting on LAN interface which handles the outgoing emails for the local users and is connected over the WAN to our Front end server sitting in one of our branch office.

Exchange server does send outgoing emails sometimes and sometimes it generates NDR and send back to sender, stating "UNABLE TO RELAY",

Nothing is bloced in terms of outgoing from higher security interface(LAN) to Lower security interface (Internet) which is default behaviour of ASA.

Can anyone put some light on it




Re: Exchange 2000 behind ASA

Hi .. are you saying that the exchage server which is located behing the LAN interface needs to communicate with the 'front end server' which is located behind the WAN interface ..? If that is the case have you check that the command same-security-traffic permit inter-interface is enabled on your config ..?

New Member

Re: Exchange 2000 behind ASA

yes thats enabled,

LAN and WAN interfaces can communicate without any problems.

thanks for your reply


Re: Exchange 2000 behind ASA


If the mail server is able to send mail sometimes properly, then there shouldn't be any issue in the firewall.

Can you check whether the connectivity to the front-end-server from the exchange server is working fine.

Is the wan connectivity stable with enough bandwidth?

You can do some monitoring on the connectivity to the front-end-server, by using icmp polling..etc and see if the connectivity is stable to rule out any possible problem

enroute to the front-end-server.

Hope this helps.. Rate replies if found useful.


CreatePlease login to create content