
How to configure MS-Exchange connectivity through a PIX/ASA


Resolution

To configure MS-Exchange connectivity through a PIX Firewall, perform the following steps:

  1. Create a static translation that maps the inside address of the MS-Exchange server to a publicly routable address, so the server can be reached from the outside. Traffic that the PIX receives for the server's outside address is translated and passed to the inside network.
  2. Create an Access Control List (ACL) on the PIX to allow all devices (or a specific machine) on the outside to access the MS-Exchange server. The MS-Exchange server uses ports 135, 137, 138, and 139 (TCP for 135 and 139, UDP for 137 and 138, as in the example configuration).
  3. Apply the ACL to the outside interface in the inbound direction.

The following is an example configuration:

static (inside,outside) 64.1.1.1 10.1.1.1
!--- This creates the static entry.
!--- It maps the inside address 10.1.1.1 to the public address 64.1.1.1.


access-list 101 permit tcp any host 64.1.1.1 eq 139
access-list 101 permit tcp any host 64.1.1.1 eq 135
!--- Access-list 101 permits TCP traffic from any device to host 64.1.1.1,
!--- the outside address of the Exchange server, on ports 139 and 135.

access-list 101 permit udp any host 64.1.1.1 eq 137
access-list 101 permit udp any host 64.1.1.1 eq 138
!--- Access-list 101 permits UDP traffic from any device to host 64.1.1.1,
!--- the outside address of the Exchange server, on ports 137 and 138.

access-group 101 in interface outside
!--- Apply the access-list to the outside interface in the inbound direction.
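
A check for the source scope chosen in step 2, as an added example that is not part of the original document: the Python sketch below parses the configuration shown above and lists each Exchange port that the ACL bound inbound to the outside interface permits from `any`. The `audit` function, the regular expressions and the 198.51.100.10 source address are assumptions made for this illustration, and the parser covers only the `permit ... host ... eq` form used here.

```python
import re

# Ports the page opens for MS-Exchange: TCP 135/139 and UDP 137/138.
EXCHANGE_PORTS = {("tcp", 135), ("tcp", 139), ("udp", 137), ("udp", 138)}

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+"
    r"(any|host\s+\S+|\S+\s+\S+)\s+host\s+(\S+)\s+eq\s+(\d+)$"
)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
STATIC_RE = re.compile(r"^static\s+\(([^,]+),([^)]+)\)\s+(\S+)\s+(\S+)")

# The example configuration from the page, comments omitted.
PAGE_CONFIG = """\
static (inside,outside) 64.1.1.1 10.1.1.1
access-list 101 permit tcp any host 64.1.1.1 eq 139
access-list 101 permit tcp any host 64.1.1.1 eq 135
access-list 101 permit udp any host 64.1.1.1 eq 137
access-list 101 permit udp any host 64.1.1.1 eq 138
access-group 101 in interface outside
"""

# Constructed variant for the "specific machine" case in step 2;
# 198.51.100.10 is a documentation address, not a value from the page.
RESTRICTED_CONFIG = PAGE_CONFIG.replace(" any ", " host 198.51.100.10 ")


def audit(config, iface="outside"):
    """Return Exchange-port permits with source 'any' on ACLs bound inbound to iface."""
    entries, bound, nat = [], set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and !--- comments
        if m := ACL_RE.match(line):
            acl, proto, src, dst, port = m.groups()
            entries.append((acl, proto, src, dst, int(port)))
        elif m := GROUP_RE.match(line):
            if m.group(2) == iface:
                bound.add(m.group(1))
        elif m := STATIC_RE.match(line):
            nat[m.group(3)] = m.group(4)  # public address -> inside address
    return [
        {"acl": acl, "proto": proto, "port": port,
         "public": dst, "inside": nat.get(dst)}
        for acl, proto, src, dst, port in entries
        if acl in bound and src == "any" and (proto, port) in EXCHANGE_PORTS
    ]
```

Run against the page's configuration, `audit` reports all four permits together with the inside address they translate to; the variant restricted to a single source host reports none.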

Third Party Software

Exchange