Hi
I have an issue with allowing traffic to Office 365 through our Cisco ASA 5525-X firewall using O365 FQDNs. We have an internal VLAN that needs to use O365 for emails.
I have allowed traffic on the following ports but the traffic is being blocked:
Incoming Mail (IMAP) Server: outlook.office365.com, port 993
Incoming Mail (POP) Server: outlook.office365.com, port 995
Outgoing Mail (SMTP) Server: smtp.office365.com, port 587
The ACL entry is:
access-list VLAN153_access_in line 28 extended permit object-group SVC_GROUP_SMTP 10.40.153.0 255.255.255.0 object outlook.office365.com log 6 interval 300
If I instead allow traffic on these ports to any IPv4 destination, the traffic is allowed:
access-list VLAN153_access_in line 28 extended permit object-group SVC_GROUP_SMTP 10.40.153.0 255.255.255.0 any4 log 6 interval 300
I've monitored the traffic and the endpoint IP address for the O365 addresses is resolving to the same IP addresses with both rules and is using the ports I mention above. For some reason the traffic is being dropped when I specify the FQDN in the ACL.
Any help will be greatly appreciated :)
Thanks
Chris