Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1387
Views
0
Helpful
3
Replies

Exchange Direct Push | ASA 5540 | Barracuda

bentg
Level 1
Level 1

‎06-16-2011 12:23 PM - edited ‎03-11-2019 01:46 PM

Hello,

I have the following scenario that I need some help with.

                            INET

                      (205.50.50.1)

                              |

                              |

                      (205.50.50.2)

                 [CISCO ASA 5540]

                       (10.10.10.1)

                              |

                              |

                             + ---------------------------------------------+

                      (10.10.10.2)                              (10.10.10.3)

                    [BARRACUDA]                         [Exchange SRV]

Mail Domain:            mail.domain.com (205.50.50.50)

Ok so the mail flows to the Barracuda using a static 1:1 NAT configuration and then gets delivered from the Barracuda to the Exchange server.  I want to implement active sync (Direct Push) for Windows mobile devices.  They need to communicate with mail.domain.com over port 443.  The problem is I want mail to continue to flow to the Barracuda, but direct Direct Push traffic to the Exchange server.

I cnow I can't implement two 1:1 NAT mappings from the same external hostname to 2 different servers.  The question is how do I accomplish this.

Please let me know if you need more information.

Thanks,

Bent

Labels:
0 Helpful
3 Replies 3

Maykol Rojas
Cisco Employee
Cisco Employee

‎06-16-2011 07:16 PM

Hello,

So basically you will need incoming traffic via SMTP to 10.10.10.2 that goes to the barracuda, but if the request comes on port 443 that it goes to the Exchange? Is that it? If it is, you will need to configure port forwarding instead of 1 to 1 translations.

Let me know if I did get it

Mike

Mike
0 Helpful

bentg
Level 1
Level 1
In response to Maykol Rojas

‎06-17-2011 10:07 AM

Hello Maykol,

Thank you for your reply!

Yes that is exactly what I want to do.  Would you be able to provide me with a configuration example based on my scenenario?  I'm just not sure were to start.

Thanks,

Bent

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to bentg

‎06-17-2011 10:58 AM

First would be removing the static one to one:

no static (inside,outside) 205.50.50.1 10.10.10.2

Then create the port forwardings

static (inside,outside) tcp 205.50.50.1 25 10.10.10.2 25

static (inside,outside) tcp 205.50.50.1 443 10.10.10.3 25

nat (inside) 4 10.10.10.2 255.255.255.255

nat (inside) 4 10.10.10.3 255.255.255.255

global (outside) 4 205.50.50.1

That would allow connections coming and allow the servers to reply with the same IP

You may need to allow the traffic to the new port which is 443 on the outside interface.

Mike

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card