To configure MS-Exchange connectivity through a PIX Firewall, perform the following steps:
Create the static translation for the MS-Exchange server's inside address so that the server can be reached from the outside at its publicly routable address. Traffic received by the PIX on the outside address of the MS-Exchange server is translated by the PIX and passed to the inside network.
Create an Access Control List (ACL) on the PIX to allow all devices (or a specific machine) on the outside to access the MS-Exchange server. The MS-Exchange server uses ports 135, 137, 138, and 139.
Apply the ACL to the outside interface in the inbound direction.
The following is an example configuration:
static (inside,outside) 126.96.36.199 10.1.1.1
!--- This creates the static entry.
!--- Map the inside address of 10.1.1.1 to the public address of 188.8.131.52.

access-list 101 permit tcp any host 184.108.40.206 eq 139
access-list 101 permit tcp any host 220.127.116.11 eq 135
!--- Access-list 101 permits TCP traffic from any device to host 18.104.22.168.
!--- This is the outside address of the Exchange server ports 139 and 135.

access-list 101 permit udp any host 22.214.171.124 eq 137
access-list 101 permit udp any host 126.96.36.199 eq 138
!--- Access-list 101 permits UDP traffic from any device to host 188.8.131.52.
!--- This is the outside address of the Exchange server ports 137 and 138.

access-group 101 in interface outside
!--- Apply the access-list to the outside interface.
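The following Python script is an added example, not part of the original page and not Cisco code. It audits a PIX-style configuration of the kind shown above: it lists the entries, in ACLs applied inbound on the outside interface, that open the Exchange ports named in the steps to source any (rather than a specific machine), and it reports listed ports that no applied entry permits. The addresses 192.0.2.10 and 198.51.100.7 are constructed placeholders, and the parser assumes only the access-list and access-group forms used on this page.

```python
import re

# Ports the page lists for the MS-Exchange server.
EXCHANGE_PORTS = {("tcp", 135), ("udp", 137), ("udp", 138), ("tcp", 139)}

ACL_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+permit\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+host\s+(?P<dst>\S+)\s+eq\s+(?P<port>\d+)$"
)
GROUP_RE = re.compile(r"^access-group\s+(?P<acl>\S+)\s+in\s+interface\s+(?P<ifc>\S+)$")


def audit(config):
    """Return (findings, missing) for ACLs applied inbound on 'outside'.

    findings: ACL lines that open a listed port to source 'any'.
    missing:  listed (proto, port) pairs that no applied entry permits.
    """
    entries, applied = [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and PIX comments
            continue
        m = GROUP_RE.match(line)
        if m:
            if m["ifc"] == "outside":
                applied.add(m["acl"])
            continue
        m = ACL_RE.match(line)
        if m:
            entries.append((m["acl"], m["proto"], m["src"], int(m["port"]), line))
    live = [e for e in entries if e[0] in applied]
    findings = [e[4] for e in live if e[2] == "any" and (e[1], e[3]) in EXCHANGE_PORTS]
    missing = sorted(EXCHANGE_PORTS - {(e[1], e[3]) for e in live})
    return findings, missing


# Constructed sample: 192.0.2.10 = placeholder public address, 198.51.100.7 = placeholder peer.
SAMPLE = """
static (inside,outside) 192.0.2.10 10.1.1.1
access-list 101 permit tcp any host 192.0.2.10 eq 139
access-list 101 permit tcp host 198.51.100.7 host 192.0.2.10 eq 135
access-list 101 permit udp any host 192.0.2.10 eq 137
!--- The udp/138 entry is deliberately left out of this sample.
access-group 101 in interface outside
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```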