To configure MS-Exchange connectivity through a PIX Firewall, perform the following steps:
1. Create the static translation for the inside address of the MS-Exchange server so that it can be reached from the outside by its publicly routable address. Traffic that the PIX receives for the outside address of the MS-Exchange server is translated and passed to the inside network.
2. Create an Access Control List (ACL) on the PIX to allow all devices (or a specific machine) on the outside to access the MS-Exchange server. The MS-Exchange server uses ports 135, 137, 138, and 139; the example below permits TCP on ports 135 and 139 and UDP on ports 137 and 138.
3. Apply the ACL to the outside interface in the inbound direction.
The following is an example configuration:
static (inside,outside) 220.127.116.11 10.1.1.1
!--- This creates the static entry.
!--- Map the inside address of 10.1.1.1 to the public address of 220.127.116.11.

access-list 101 permit tcp any host 220.127.116.11 eq 139
access-list 101 permit tcp any host 220.127.116.11 eq 135
!--- Access-list 101 permits TCP traffic from any device to host 220.127.116.11.
!--- This is the outside address of the Exchange server; the ports are 139 and 135.

access-list 101 permit udp any host 220.127.116.11 eq 137
access-list 101 permit udp any host 220.127.116.11 eq 138
!--- Access-list 101 permits UDP traffic from any device to host 220.127.116.11.
!--- This is the outside address of the Exchange server; the ports are 137 and 138.

access-group 101 in interface outside
!--- Apply the access-list to the outside interface.
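The three steps only work together if the ACL entries name the same outside address as the static translation and the ACL is actually bound to the outside interface. The following check is an added example, not part of the original page or of any Cisco tool: it audits a saved configuration for those conditions and reports entries left open to `any` source. The function name, the sample addresses and the assumption that ports are written numerically are all illustrative.

```python
import re

# Protocol/port pairs taken from the page's example ACL for the Exchange server.
REQUIRED = {("tcp", "135"), ("tcp", "139"), ("udp", "137"), ("udp", "138")}
STATIC = re.compile(r"static \(inside,outside\) (\S+) (\S+)")
ACE = re.compile(r"access-list (\S+) permit (tcp|udp) (any|host \S+) host (\S+) eq (\d+)")
GROUP = re.compile(r"access-group (\S+) in interface outside")

def audit(config, inside_ip):
    """Check the three steps for one inside server; return a list of findings."""
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]  # drop comment lines
    statics = {m.group(2): m.group(1) for l in lines if (m := STATIC.match(l))}
    public = statics.get(inside_ip)
    if public is None:
        return [f"step 1: no static translation for {inside_ip}"]
    bound = {m.group(1) for l in lines if (m := GROUP.match(l))}
    if not bound:
        return ["step 3: no ACL applied inbound on the outside interface"]
    findings, permitted = [], set()
    for l in lines:
        m = ACE.match(l)
        if not m or m.group(1) not in bound:
            continue  # not a permit entry, or the ACL is not applied to outside
        acl, proto, src, dst, port = m.groups()
        if dst != public:
            if (proto, port) in REQUIRED:
                findings.append(f"ACL {acl}: {proto}/{port} permits {dst}, "
                                f"not the translated address {public}")
            continue
        permitted.add((proto, port))
        if src == "any":
            findings.append(f"ACL {acl}: {proto}/{port} is open to any source")
    for proto, port in sorted(REQUIRED - permitted):
        findings.append(f"step 2: {proto}/{port} to {public} is not permitted")
    return findings

# Constructed sample: 192.0.2.x and 198.51.100.7 are documentation addresses.
SAMPLE = """\
static (inside,outside) 192.0.2.10 10.1.1.1
!--- constructed: one entry names the wrong address, one is limited to one host
access-list 101 permit tcp any host 192.0.2.10 eq 139
access-list 101 permit tcp host 198.51.100.7 host 192.0.2.10 eq 135
access-list 101 permit udp any host 192.0.2.99 eq 137
access-list 101 permit udp any host 192.0.2.10 eq 138
access-group 101 in interface outside
"""
```

Calling `audit(SAMPLE, "10.1.1.1")` returns four findings: two entries open to any source, one entry aimed at an address with no matching translation, and the resulting gap for UDP port 137.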