Solved: ASA -5505 Exchange remote clients cannot access

Thomas Grassi · ‎09-07-2012

Just installed ASA -5505 replaced cisco 851

My exchange server hosts remote outlook clients and remote web access

no one on the remote side can access my exchange server

internal mail flows in bound and out bound.

my iphone can not access the exchange server either.

When the Cisco 851 was online all the above worked great.

Nothing changed on the remote client side just put the ASA 5505 in service.

What am I missing?

I am new to the ASSA 5505 family. Had a reseller configure the router but unable to get them at this hour.

Called Cisco support but they are closed at this time also.

Any help would be greatly appreciated.

Config attached

Thanks

Thomas R Grassi Jr

mvsheik123 · ‎09-07-2012

Hi Thomas,

I checked the config Quickly and there is no 'default route' configured on ASA. Add the commnad-

!

route outside 0.0.0.0 0.0.0 1

!

If you still experience issues, try reboot the ISP devices. When you replace 851 with ASA, the ARP needs to be cleared on those devices.

hth

MS

View solution in original post

terrencepayet · ‎09-07-2012

Hi Thomas,

Do you access your outlook via https or via port 8080 from outside??

if you are accessing it via https you need to add this to your config:

access-list outside_access_in extended permit tcp any interface outside eq https

static (inside,outside) tcp interface https 192.168.69.26 https netmask 255.255.255.255

HTH

Regards,

Terence

View solution in original post

terrencepayet · ‎09-08-2012

Hi Thomas,

You need to run this command first:

no http server enable

http server enable 8181

Now you should be able to add NAT/PAT statement.

Just remember if you want to access yourASA via ASDM you will need to specify port 8181.

HTH.

Regards,

Terence

Sent from Cisco Technical Support iPad App

View solution in original post

mvsheik123 · ‎09-07-2012

Hi Thomas,

I checked the config Quickly and there is no 'default route' configured on ASA. Add the commnad-

!

route outside 0.0.0.0 0.0.0 1

!

If you still experience issues, try reboot the ISP devices. When you replace 851 with ASA, the ARP needs to be cleared on those devices.

hth

MS

Thomas Grassi · ‎09-07-2012

MS

thanks for the quick responce

I have a verizon fios ont yes I powered off the ont for several minutes to cleint the mac address cache

On some of my computers I needed to do a arp -d 192.168.69.1 gateway address

your command what is the next hop ip?

Is that my static ip address?

Thanks

Thomas R Grassi Jr

terrencepayet · ‎09-07-2012

Hi Thomas,

Do you access your outlook via https or via port 8080 from outside??

if you are accessing it via https you need to add this to your config:

access-list outside_access_in extended permit tcp any interface outside eq https

static (inside,outside) tcp interface https 192.168.69.26 https netmask 255.255.255.255

HTH

Regards,

Terence

Thomas Grassi · ‎09-08-2012

Terrence

Thank you for your help

yes I I do you 8080 to access remotely

http://mail.tgcsnet.com:8080/exchange

Do I need anything else?

Thomas R Grassi Jr

Terrence

just tried to add the commands above

access-list outside_access_in extended permit tcp any interface outside eq https

static (inside,outside) tcp interface https 192.168.69.26 https netmask 255.255.255.255

Tom-Grasso-ASA# config t
Tom-Grasso-ASA(config)# access-list outside_access_in extended permit tcp any $
Tom-Grasso-ASA(config)# static (inside,outside) tcp interface https 192.168.69$
ERROR: unable to reserve port 443 for static PAT
ERROR: unable to download policy
Tom-Grasso-ASA(config)#

It looks like the command is not wrapping and I am only getting part of it

I am using telnet from a windows 7 comaputer

Thomas R Grassi Jr

terrencepayet · ‎09-08-2012

Hi Thomas,

You need to run this command first:

no http server enable

http server enable 8181

Now you should be able to add NAT/PAT statement.

Just remember if you want to access yourASA via ASDM you will need to specify port 8181.

HTH.

Regards,

Terence

Sent from Cisco Technical Support iPad App