Hello everybody, and sorry for making you help me again

I have an ASA 5505 here (code to be furnish at the end)

Please note that the IP adress for the outside interface are exemple since this is a lab atm

This router is gonna go inside   a small company.

This company use a SBS 2003 Server with exchange on it

So we need the route to do 3 things

1) Make the local lan access the internet : This is working as inteded

2) Make a VPN from the outside and access the lan : This is also working

3) We want to make people (after we change the DNS for it) to be able to do exemple mail.aaa.aaa and be able to access the Mail server from Outlook without beein on the internet and the OWA from the browser

Currently we only have 1 IP adress from the ISP, so i need to be able to access it from the same IP as the VPN (if possible)

I wanna know how to make it work as exemple just beein able to access port 25 from it

And how to make it accessible from multiple ports exemple 110 25 587 etc (all email ports)

my inside mail server is 192.168.0.2

How can i make this work

If you have any question don<t hesitate to ask i<ll do my best to answer

ASA Version 8.2(1)

!

terminal width 250

hostname hostname

enable password d0/xPtlKePBzdYTe encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.0.254 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 10.0.128.1 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 2

speed 10

duplex full

!

interface Ethernet0/1

speed 10

duplex full

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

boot system disk0:/asa821-k8.bin

ftp mode passive

object-group service grp_outside_in tcp

description Ports require for internal forwarding

port-object eq smtp

port-object eq ssh

access-list inside-out extended permit ip any any

access-list inside-out extended permit icmp any any

access-list no_nat extended permit ip 192.168.0.0 255.255.0.0 10.250.128.0 255.255.255.0

access-list split-tunnel extended permit ip 192.168.0.0 255.255.20.0 10.250.128.0 255.255.255.0

access-list 100 extended permit ip 10.250.128.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list 100 extended permit icmp 10.250.128.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list 101 extended permit ip any any

access-list 101 extended permit icmp any any

pager lines 34

logging enable

logging timestamp

logging buffered debugging

logging trap debugging

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool mobilepool 10.250.128.100-10.250.128.130 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-621.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list no_nat

nat (inside) 1 0.0.0.0 0.0.0.0

nat (outside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 10.0.128.2 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 inside

http 192.168.0.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set mobileset esp-3des esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map dyn1 1 set transform-set mobileset

crypto dynamic-map dyn1 1 set reverse-route

crypto map mobilemap 1 ipsec-isakmp dynamic dyn1

crypto map mobilemap interface outside

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

telnet timeout 5

ssh 192.168.0.0 255.255.255.0 inside

ssh 10.0.128.0 255.255.255.0 inside

ssh timeout 5

ssh version 2

console timeout 0

dhcpd auto_config outside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

group-policy vpn internal

group-policy vpn attributes

vpn-simultaneous-logins 50

vpn-idle-timeout 2000

vpn-session-timeout 2000

group-policy mobile_policy internal

group-policy mobile_policy attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value

username admin password N2TJh8TeuGc7EOVu encrypted privilege 15

username user1 password gLGaPhl70GqS8DhN encrypted

username user2 password Y7.fXmPk3FvKUGOO encrypted

tunnel-group mobilegroup type remote-access

tunnel-group mobilegroup general-attributes

address-pool mobilepool

default-group-policy mobile_policy

tunnel-group mobilegroup ipsec-attributes

pre-shared-key *

!

class-map global-class

match default-inspection-traffic

class-map inspection

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:012d58f20bdf997d1e7b6927431e0015

: end