Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
455
Views
0
Helpful
2
Replies

New Access Rule Not Working

SteveSmo1
Level 1
Level 1

‎04-19-2016 09:24 AM - edited ‎03-12-2019 12:38 AM

Hi- ASA 5510 using ASDM 7.1(1) I have a new Exchange Edge server that I created an access rule for. I also have a rule I created some time ago to route SMTP/HTTP/HTTPS traffic to the main Exchange server. I've created the network object (external IP) and NAT (public IP) to direct/allow SMTP traffic to the Edge server but traffic still flows to the main Exchange server. If I disable the access rule for the main Exchange server, or remove the SMTP protocol no inbound email is received at all.

A curious thing to note is that in the list of Top Ten Access Rules, the rule for the main Exchange server appears twice. I didn't know if this is because it's breaking out protocols (SMTP, HTTPS) or if there is a "ghost" access rule which is gumming things up. If I do a SMTP test from the internet to the public IP of the Edge server, it shows that it's being routed to the main Exchange server. I do still need a rule to the main Exchange server to handle http/s traffic for Outlook Web App.

Any help is greatly appreciated!

"Never, never doubt what nobody is sure about." -Willy Wonka

Labels:
0 Helpful
2 Replies 2

Marius Gunnerud
VIP
VIP

‎04-19-2016 02:24 PM

are you using the same public IP but redirecting to a new internal IP?  If so you would need to clear the xlate table for this connection before it will work.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

SteveSmo1
Level 1
Level 1
In response to Marius Gunnerud

‎04-20-2016 08:47 AM

Hi- Thanks for the info. To resolve this issue, I removed the access rule to the main Exchange server, and also all the NAT rules (there were multiple rules resolving to different network objects that had the same IP, which was the main Exchange server). Anyways, I just kept the NAT and Access rule referring to the Edge server and applied that change. Great! Now we have mail flowing, as expected, from the internet through the Edge server. Then I added back one network object that resolved to the main Exchange server. Then recreated a NAT and Access rule for that. Now users can utilize OWA, too.

So it looks like everything is working as expected.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card