cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
570
Views
0
Helpful
2
Replies

ASA 5510 Email and Terminal Server Issue

pfdrinstr1
Level 1
Level 1

I am having two issues:

1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.

2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected

Below is my congig

ASA Version 8.3(1)
!
hostname wsigateway
domain-name wsystems.com
enable password yVSkMxWRc/S396FB encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXX
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.0.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 172.23.59.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name wsystems.com
object network email_server_static
host 192.168.1.222
object network wsiftp_static
host 192.168.1.188
object network terminal1_static
host 192.168.1.191
object network ram_static
host 192.168.1.116
object network wsi_internal_lan
subnet 192.168.0.0 255.255.0.0
object network Baccuda
host 192.168.1.107
object-group service RDP tcp
port-object eq 3389
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq smtp
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq ftp
access-list 100 extended permit tcp any host 64..XXX.XXX.XXX eq 3389
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq 162
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq https
access-list 100 extended permit tcp any host 192.168.0.0 eq smtp
access-list 100 extended permit tcp any host 192.168.0.0 eq ftp
access-list 100 extended permit tcp any host 192.168.0.0 eq ftp-data
access-list 100 extended permit tcp any host 192.168.0.0 eq pop3
access-list acl_out extended permit tcp any host 192.168.1.222 eq https
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (management,outside) source dynamic any interface
!
object network email_server_static
nat (inside,outside) static 64.XXX.XXX.XXX
object network wsiftp_static
nat (inside,outside) static 64.XXX.XXX.XXX
object network terminal1_static
nat (inside,outside) static 64.XXX.XXX.XXX service tcp 3389 3389
object network ram_static
nat (inside,outside) static 64.XXX.XXX.XXX
object network wsi_internal_lan
nat (inside,outside) dynamic interface
object network Baccuda
nat (any,any) static 64.XXX.XXX.XXX
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 64.XXX.XXX.XXX1
route inside 192.168.0.0 255.255.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.23.59.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:61dd614b76a12c7d8f3ada886d7da8c6
: end
wsigateway#

2 Replies 2

Do you have any logs that could help troubleshoot the issue?

access-list 100 extended permit tcp any host 192.168.0.0 eq smtp
access-list 100 extended permit tcp any host 192.168.0.0 eq ftp
access-list 100 extended permit tcp any host 192.168.0.0 eq ftp-data
access-list 100 extended permit tcp any host 192.168.0.0 eq pop3

you Need to fix the above access list so that they have host 192.168.X.X , not 0.0 where 192.168.X.X is the complete address of the server, Right now you have on HOST addess 192.168.0.0 which doesn't even exist.

Also since you are using 8.3 version then you don't need Public ip's (natted) in the access list as the new version supports private ip's only in the access-list.

Manish

Review Cisco Networking for a $25 gift card