Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

access SBS 2011 owa using ASA 5505

Hi there, i am new in the ASA world but i have managed to set up an ASA. Everything works fine but i am not able to access the OWA through the Cisco ASA. Find the config below. Can somebody assist me?

Thanks!

: Saved

:

ASA Version 8.3(1)

!

hostname asa2

enable password i9.yhWTfK7AnxZ5r encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

name 192.168.131.8 sbs

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.131.152 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address xx.xx.xx.5 255.255.255.248

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network NETWORK_OBJ_192.168.131.128_25

subnet 192.168.131.128 255.255.255.128

object network exchange

host 192.168.131.8

object service https

service tcp source eq https destination eq https

object-group service owa tcp

port-object eq https

access-list outside_access_in extended permit ip any any

access-list outside_access_in extended permit object https any interface outside

access-list outside_access_in extended permit tcp any interface outside eq smtp

access-list outside_access_in remark Allow SMTP traffic

access-list outside_access_in remark Allow SSL-OWA-RWA Traffic

access-list outside_access_in extended permit tcp any interface outside eq https

access-list outside_access_in remark Allow SharePoint traffic

access-list outside_access_in extended permit tcp any interface outside eq 987

access-list inside_access_out extended permit ip any any

access-list global_access extended permit ip any any inactive

access-list inside_access_in extended permit ip any any

access-list outside_access_out extended permit ip any any

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

ip local pool mediostpool 192.168.131.180-192.168.131.199 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

nat (inside,outside) source dynamic any interface

!

object network obj_any

nat (inside,outside) dynamic interface

object network exchange

nat (inside,outside) static interface service tcp https https

access-group outside_access_in in interface outside

access-group outside_access_out out interface outside

access-group inside_access_in in interface inside

access-group inside_access_out out interface inside

access-group global_access global

route outside 0.0.0.0 0.0.0.0 xx.xx.xx.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.131.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.131.156-192.168.131.187 inside

!

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

group-policy mediostvpn internal

group-policy mediostvpn attributes

vpn-tunnel-protocol IPSec

username Anton password jRVOT3qxuT/xdrp5 encrypted privilege 0

username Anton attributes

vpn-group-policy vpn

tunnel-group vpn type remote-access

tunnel-group vpn general-attributes

address-pool pool

default-group-policy vpn

tunnel-group vpn ipsec-attributes

pre-shared-key *****

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

inspect icmp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:6f543b73d5b1a3c82e794f228364edd0

: end

asdm location sbs 255.255.255.255 inside

no asdm history enable

541
Views
0
Helpful
0
Replies
CreatePlease to create content