Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
0
Helpful
3
Replies

Exchange 2000 behind ASA

msubtain
Level 3
Level 3

‎09-03-2006 06:18 PM - edited ‎02-21-2020 01:09 AM

I am running ASA 5510 in with 3 interfaces

E0/0 INTENET (Security Level 0)

E0/1 WAN (Security Level 100)

E0/2 LAN (Security Level 100)

I am using NAT for internet on LAN interface, no outgoing ACL, and nothing is open in terms of incoming. LAN and WAN interfaces are also NATTED to same addresses in order to talk to each other.

Everything works fine, except the exchange server sitting on LAN interface which handles the outgoing emails for the local users and is connected over the WAN to our Front end server sitting in one of our branch office.

Exchange server does send outgoing emails sometimes and sometimes it generates NDR and send back to sender, stating "UNABLE TO RELAY",

Nothing is bloced in terms of outgoing from higher security interface(LAN) to Lower security interface (Internet) which is default behaviour of ASA.

Can anyone put some light on it

Thanks

Muhammad

0 Helpful
3 Replies 3

Fernando_Meza
Level 11
Level 11

‎09-03-2006 10:06 PM

Hi .. are you saying that the exchage server which is located behing the LAN interface needs to communicate with the 'front end server' which is located behind the WAN interface ..? If that is the case have you check that the command same-security-traffic permit inter-interface is enabled on your config ..?

0 Helpful

msubtain
Level 3
Level 3
In response to Fernando_Meza

‎09-03-2006 10:14 PM

yes thats enabled,

LAN and WAN interfaces can communicate without any problems.

thanks for your reply

Muhammad

0 Helpful

vijayasankar
Level 9
Level 9
In response to msubtain

‎09-05-2006 03:29 AM

Hi,

If the mail server is able to send mail sometimes properly, then there shouldn't be any issue in the firewall.

Can you check whether the connectivity to the front-end-server from the exchange server is working fine.

Is the wan connectivity stable with enough bandwidth?

You can do some monitoring on the connectivity to the front-end-server, by using icmp polling..etc and see if the connectivity is stable to rule out any possible problem

enroute to the front-end-server.

Hope this helps.. Rate replies if found useful.

-VJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card