
Port forwarding troubles

DSmithQIA
Level 1

Hi All

I'm having just a heck of a time getting access to my Exchange server from the WWW.

This is a green field setup, I have an ISR 4321 connected to my ISP, then there is an ASA 5512x which connects to a Catalyst 3650 L3 switch.

I am running 5 different VLANs, the internal network is working like a charm, I have traffic flowing through the ASA and the router. I also have NAT load balancing running on the ISR to direct traffic to my two ISP connections (I have NIM installed in case you're wondering where everything is connecting).

I'm pretty green to the Cisco world, although I have been getting much better at it. I have literally spent hours searching the web, different forums, etc, and have tried just about everything I have read or can think of to get traffic flowing so I can access OWA from the WWW to no avail.

I think a big problem is I'm not sure where I'm breaking down...I can't seem to visualize how NAT works doing translations at the router, then again at the firewall. For some reason this is what I keep coming back to as the thing I have to chip away at.

Does anyone have any hints or suggestions given my particular setup? I have a dot1q trunk between the L3 switch and the firewall, and an exit subnet between the firewall and the router. My ISP connections are DSL, with fixed IP addresses.

Thanks so much.

Accepted Solutions

Philip D'Ath
VIP Alumni

The first big catch - traffic that comes in one interface that is NATed must go out the same interface. I suspect your NAT load balancing could break this rule, depending on how it is done.

For example, if traffic comes in ISP1 on port tcp/443 to your Exchange server, the reply traffic from the Exchange server must go out the ISP1 port.

Thanks Philip

That was a good piece of info to keep in mind.

I did a NAT statement to direct that traffic through the appropriate interface, and I created a rule on the firewall and voila - I can access OWA from the WWW.

Thanks for your insight :)

d
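
A sketch of the kind of configuration this thread arrives at, added here as an example and not the poster's actual config: a static port forward for tcp/443 on the ISP1 side of the ISR, policy routing that pins the Exchange replies back out ISP1 instead of letting load balancing pick ISP2, and the matching NAT and access rule on the ASA. All addresses, interface names, nameifs, object names and ACL/route-map names are assumptions (documentation and private ranges).

```cisco
! --- ISR 4321 (assumed: 203.0.113.0/30 = ISP1, 198.51.100.0/30 = ISP2) ---
! Interface names are placeholders; DSL NIM ports or Dialers will differ.
interface GigabitEthernet0/1/0
 description ISP1
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1/1
 description ISP2
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/0/0
 description Exit subnet to ASA outside (ASA = 10.255.0.2)
 ip address 10.255.0.1 255.255.255.252
 ip nat inside
 ip policy route-map EXCH-RETURN
!
! Inbound: ISP1 public address, tcp/443 -> ASA outside address, tcp/443
ip nat inside source static tcp 10.255.0.2 443 203.0.113.2 443 extendable
!
! Return path: replies sourced from tcp/443 must leave via ISP1, never ISP2
ip access-list extended EXCH-HTTPS-REPLY
 permit tcp host 10.255.0.2 eq 443 any
!
route-map EXCH-RETURN permit 10
 match ip address EXCH-HTTPS-REPLY
 set ip next-hop 203.0.113.1
!
! --- ASA 5512-X (8.3+ syntax; nameifs "outside" and "servers" are assumed) ---
! Second translation: ASA outside address, tcp/443 -> real Exchange host
object network EXCHANGE
 host 192.168.10.20
 nat (servers,outside) static interface service tcp 443 443
!
! ACLs on 8.3+ reference the real (untranslated) server address
access-list OUTSIDE-IN extended permit tcp any object EXCHANGE eq 443
access-group OUTSIDE-IN in interface outside
```

On the ISR, `show ip nat translations` and the match counters in `show route-map EXCH-RETURN` confirm that both the forward and the return path use ISP1; on the ASA, `packet-tracer input outside tcp <client-ip> <client-port> 10.255.0.2 443` shows whether the NAT and ACL steps pass.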