https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590298#M423533 <HTML><HEAD></HEAD><BODY><P>yes thats enabled,</P><P>LAN and WAN interfaces can communicate without any problems.</P><P></P><P>thanks for your reply</P><P>Muhammad </P><P></P></BODY></HTML> Mon, 04 Sep 2006 05:14:11 GMT msubtain 2006-09-04T05:14:11Z https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590296#M423531 <P>I am running ASA 5510 in with 3 interfaces</P><P></P><P>E0/0 INTENET (Security Level 0)</P><P>E0/1 WAN (Security Level 100)</P><P>E0/2 LAN (Security Level 100)</P><P></P><P>I am using NAT for internet on LAN interface, no outgoing ACL, and nothing is open in terms of incoming. LAN and WAN interfaces are also NATTED to same addresses in order to talk to each other.</P><P></P><P>Everything works fine, except the exchange server sitting on LAN interface which handles the outgoing emails for the local users and is connected over the WAN to our Front end server sitting in one of our branch office.</P><P></P><P>Exchange server does send outgoing emails sometimes and sometimes it generates NDR and send back to sender, stating "UNABLE TO RELAY", </P><P></P><P>Nothing is bloced in terms of outgoing from higher security interface(LAN) to Lower security interface (Internet) which is default behaviour of ASA. </P><P></P><P>Can anyone put some light on it</P><P></P><P>Thanks</P><P>Muhammad</P> Fri, 21 Feb 2020 09:09:07 GMT https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590296#M423531 msubtain 2020-02-21T09:09:07Z https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590297#M423532 <HTML><HEAD></HEAD><BODY><P>Hi .. are you saying that the exchage server which is located behing the LAN interface needs to communicate with the 'front end server' which is located behind the WAN interface ..? If that is the case have you check that the command same-security-traffic permit inter-interface is enabled on your config ..?</P><P></P><P></P><P></P><P></P></BODY></HTML> Mon, 04 Sep 2006 05:06:48 GMT https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590297#M423532 Fernando_Meza 2006-09-04T05:06:48Z https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590298#M423533 <HTML><HEAD></HEAD><BODY><P>yes thats enabled,</P><P>LAN and WAN interfaces can communicate without any problems.</P><P></P><P>thanks for your reply</P><P>Muhammad </P><P></P></BODY></HTML> Mon, 04 Sep 2006 05:14:11 GMT https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590298#M423533 msubtain 2006-09-04T05:14:11Z https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590299#M423534 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If the mail server is able to send mail sometimes properly, then there shouldn't be any issue in the firewall.</P><P></P><P>Can you check whether the connectivity to the front-end-server from the exchange server is working fine.</P><P>Is the wan connectivity stable with enough bandwidth?</P><P>You can do some monitoring on the connectivity to the front-end-server, by using icmp polling..etc and see if the connectivity is stable to rule out any possible problem </P><P>enroute to the front-end-server.</P><P></P><P>Hope this helps.. Rate replies if found useful.</P><P></P><P>-VJ</P><P></P><P></P></BODY></HTML> Tue, 05 Sep 2006 10:29:06 GMT https://community.cisco.com/t5/network-security/exchange-2000-behind-asa/m-p/590299#M423534 vijayasankar 2006-09-05T10:29:06Z