New Access Rule Not Working

SteveSmo1
Level 1

Hi - ASA 5510 using ASDM 7.1(1). I have a new Exchange Edge server that I created an access rule for. I also have a rule I created some time ago to route SMTP/HTTP/HTTPS traffic to the main Exchange server. I've created the network object (external IP) and NAT (public IP) to direct/allow SMTP traffic to the Edge server, but traffic still flows to the main Exchange server. If I disable the access rule for the main Exchange server, or remove the SMTP protocol, no inbound email is received at all.

A curious thing to note is that in the list of Top Ten Access Rules, the rule for the main Exchange server appears twice. I didn't know if this is because it's breaking out protocols (SMTP, HTTPS) or if there is a "ghost" access rule which is gumming things up. If I do an SMTP test from the internet to the public IP of the Edge server, it shows that it's being routed to the main Exchange server. I do still need a rule to the main Exchange server to handle HTTP/S traffic for Outlook Web App.

Any help is greatly appreciated!

"Never, never doubt what nobody is sure about." -Willy Wonka

2 Replies

Are you using the same public IP but redirecting to a new internal IP? If so, you would need to clear the xlate table for this connection before it will work.

--

Please remember to select a correct answer and rate helpful posts


Hi- Thanks for the info. To resolve this issue, I removed the access rule to the main Exchange server, and also all the NAT rules (there were multiple rules resolving to different network objects that had the same IP, which was the main Exchange server). Anyways, I just kept the NAT and Access rule referring to the Edge server and applied that change. Great! Now we have mail flowing, as expected, from the internet through the Edge server. Then I added back one network object that resolved to the main Exchange server. Then recreated a NAT and Access rule for that. Now users can utilize OWA, too.

So it looks like everything is working as expected.
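The condition described in the thread (several network objects carrying the same server IP, each with its own NAT rule) can be checked for in a saved configuration before rules are added. The script below is an added example, not part of the original posts: it assumes ASA 8.3+ object-NAT CLI syntax, and the object names, addresses and sample config are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ASA 8.3+ object-NAT syntax (not taken from the thread).
SAMPLE_CONFIG = """\
object network EXCH-MAIN
 host 192.168.10.5
object network EXCH-MAIN-SMTP
 host 192.168.10.5
object network EXCH-EDGE
 host 192.168.20.5
object network EXCH-MAIN
 nat (inside,outside) static 203.0.113.10 service tcp https https
object network EXCH-MAIN-SMTP
 nat (inside,outside) static 203.0.113.10 service tcp smtp smtp
object network EXCH-EDGE
 nat (dmz,outside) static 203.0.113.10 service tcp smtp smtp
"""

# nat (real_if,mapped_if) static <mapped_ip> [service <proto> <real_port> <mapped_port>]
NAT_RE = re.compile(r"nat \(\S+?,\S+?\) static (\S+)(?: service (\S+) \S+ (\S+))?")

def parse_objects(config):
    """Return ({object: real host IP}, [(object, mapped IP, proto, mapped port)])."""
    hosts, nats, current = {}, [], None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
        elif current and line.startswith(" "):
            words = line.split()
            if words[:1] == ["host"] and len(words) == 2:
                hosts[current] = words[1]
            m = NAT_RE.match(line.strip())
            if m:
                nats.append((current, m.group(1), m.group(2) or "any", m.group(3) or "any"))
        else:
            current = None  # left the object stanza
    return hosts, nats

def find_conflicts(config):
    """Flag real IPs shared by several objects and public IP/port pairs claimed twice."""
    hosts, nats = parse_objects(config)
    by_host, by_mapped = defaultdict(list), defaultdict(list)
    for name, ip in hosts.items():
        by_host[ip].append(name)
    for name, mapped, proto, port in nats:
        by_mapped[(mapped, proto, port)].append(name)
    dup_hosts = {ip: sorted(n) for ip, n in by_host.items() if len(n) > 1}
    dup_maps = {k: sorted(n) for k, n in by_mapped.items() if len(n) > 1}
    return dup_hosts, dup_maps
```

Run `find_conflicts()` on the text of a saved running configuration; any entry it returns names the objects to consolidate before adding a rule for a new server.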
