Cisco Firewall :: ASA 5510 With 8.0.2 - Exchange 2007 Outlook Anywhere / OWA Users
Aug 15, 2011
We have a ASA 5510 which was running 8.0.2, we recently upgraded it to 8.2.5 and since the upgrade remote users for exchange 2007 are not able to download any large email attachments(over or close to 1MB). This is only happening to Outlook anywhere users or OWA users who are connecting to the exchange server using https(443) externally. If the same users connects internally they do not face any issue. When i check the logs on ASA i am gettings lots of RESET-O and RESET-I entries. Looks like the connection between the client and the server gets reset.
View 14 Replies
ADVERTISEMENT
Dec 26, 2011
Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)? OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510?
View 2 Replies
View Related
Dec 27, 2011
Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)? OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510?
View 1 Replies
View Related
Apr 4, 2011
We have a setup where clients on the internal network send/receive their emails through Microsoft Outlook client, while the Exchange server is hosted on the internet, outside the organization.The clients are connected to a Cisco switch, behind an ASA5510 Firewall. The Firewall is connected to an internet router, with double NAT (On the ASA and Router).
the outlook clients disconnect from the Exchange server, sometimes for hours, and then reconnect again. During these disconnections, the same client PCs are able to browse the internet normally. There are no restrictions for the traffic going from the inside to the outside. During the disconnections, if we try to connect using a public IP bypassing the ASA & router,.
View 1 Replies
View Related
Sep 17, 2012
I am reading my gmail through Outlook 2007, using imap. When my computer is connected to the router by cable, everything works fine. When I try to connect wireless to the same router, it wont work. I can send e-mails, but outlook will not download new mail og syncronize with the server.
View 1 Replies
View Related
Mar 11, 2012
We have a Cisco secure VPN site to site tunnel between the 2 locations.Which ports are need to open on tunnel so that users can successfully use OCS over the site to site VPN tunnel.All the users are havning the main brach AD account.Using Wireshark captured the packets, found only port TCP 5060, after allowing this port over tunnel I can see the authentication window.The user authentication fails. Already port 3389, 80, 443 are allowed.The main requirement is to only have the Chat, Group Chat and file transfer. Not require AV traffic.OCS is using TCP. no TLS is configured.
View 1 Replies
View Related
Jul 16, 2012
Outlook 2007 worked fine with my old router and when our laptops are connected on other networks. But both home laptops take about a minute to go through the "receiving mail" process with GMAIL pop3 accounts when connecting through the new E4200. Everything is factory default, and I reinstalled Outlook. This problem does not occur with the roadrunner email accounts also set up in Outlook
View 7 Replies
View Related
Aug 22, 2011
I can connect to Internet perfectly fine. I can even VPN back into my office. However, once connected via VPN and I launch my Outlook Client, I'm not able to connect to get emails. When I run a "netstat -a", I get my "SYN_SENT" to all my office domain controllers and exchange servers.However, if I connected via my Starhub USB Broadband dongle, everything works perfectly fine.What settings do I need to do on my router? I tried port forwarding and application rules but none worked.
View 4 Replies
View Related
Nov 7, 2012
i have exchange with NLB cluster.
i want to PAT the cluster ip to access email from outside. i know i can add the static arp entry for multicast cluster ip.
my question is i can add static nat command to that same cluster ip for port 25 and 443 like normal way like we do for normal PAT?
View 2 Replies
View Related
Jan 17, 2012
We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM. We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. [code]
View 1 Replies
View Related
Nov 29, 2011
Our ASA 5510 has been in place for nearly two years, we never have any issue what so ever with it. All along the ASA has been using the default policy. Lately, we beeen getting email deferred in our Barracuda Spam firewall. Google quickly reveals that ESMTP does not play nice with Barracuda witch i disabled eventhough we haven't had any issue with it before. However, the issue remains, we still getting email deferred in the barracuda.
While doing more troubleshooting on the ASA, I constated when issue the command show local-host + IP of the Barracuda, there is an IP address in outside of the interface that can get up to 96 UDP port 53 connections with the Barracuda, this connection never get lower than 20! However, when checking the default setup for the Barracuda, i have the values below:
Incoming SMTP Timeout: 20
Message per SMTP Session : 8
Maximum SMTP Error SMTP Session: 2
Maximum Connection per Client 30m:40
My question is if that ASA show up to 96 DNS session with an outside host to my barracuda, won't that push the barracuda to play email deferred timeout ? Should I change the barracuda default setting? Or should i change the connections limits for the Barracuda in the ASA?
View 3 Replies
View Related
Jun 3, 2012
In Cisco ASA 5510 , outlook port only permit ( pop3 995/smtp :587) with TLS encryption. How we can do it thru ASDM .
View 1 Replies
View Related
May 8, 2012
I know that I've run into this before but I can't remember the fix. I have a 5510. The 3 interfaces involved are INSIDE, OUTSIDE, and GUEST. Corporate users are allowed to put their iPhones on the Guest network, but the problem is that their Exchange ActiveSync stops working. It is tied to the external DNS name of the OWA server (we'll say webmail.abc.com). So the users are funneled out one public IP on the OUTSIDE interface and are trying to communicate with the outside of the OWA server, which is NATed to another public IP on the same outside interface. What do I need to do on the ASA to allow users on the guest network (behind the GUEST interface) to access the mail server using its public IP (behind the INSIDE interface)
View 1 Replies
View Related
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
View Related
Mar 21, 2012
I Have an asa 5510 running code 7.2 configured with ssl vpn,ssl vpn users able to connect to to portal which i have configured with the required resources,but the thing is that these ssl users unable to upload files to cifs shared directory , although they have full access to the shared folder
View 0 Replies
View Related
Dec 9, 2011
I configured one ASA 5510 firewall with CSC-SSM-10 in one of my customer location.
Here i want configure my firewall to send email alerts to particular mail ID, if anybody any access my network from outside( Like VPN users).
View 1 Replies
View Related
Apr 8, 2011
when u use the debug cryoto isakmp 127 on the asa 5510, in order to troubleshhot remote access vpn users,to which entry r u looking in the debug to see if the user enter wrong password?
View 1 Replies
View Related
Apr 5, 2011
How to designate access-list for the remote access vpn users in order to let them access specific subnet or host,asa 5510 and acs is in the picture
View 9 Replies
View Related
Jul 5, 2012
How many user accounts i can create to a Cisco ASA box? Say for example a Cisco ASA 5510 or Cisco ASA 5520?
View 5 Replies
View Related
Apr 19, 2010
I'm actually require authentication for users who are coming from the PublicVLAN (the vlan associated with the wireless hotspot) to authenticate themself to the LDAP server via my firewall ASA 5510
View 12 Replies
View Related
Sep 12, 2011
I am migrating over from and old PIX to an ASA 5510. After configuring the new device everything else is functional (Internet) but users are unable to pass traffic when connected through the vpn, they are able to authenticate and I see their session connected on the ASDM but no data is passed..[code]
View 4 Replies
View Related
Nov 16, 2011
I have some users from another company who are visiting my company. The use outlook to access their mail. I think it is via RPC over https (ssl). When there are on my network they are unable to send messages but when the connect to an ISP directly they are able to send. I have a cisco 2821 as my internet router and an ASA5505 (8.0.5...i downgraded it from 8.2.3) as my firewall. I have not blocked anything from going out. Of note is that when other users use window live configured for gmail....which uses tls they are unable to send emails with atachements. Regular emails go though no problem. Hotmail can send atachments without a problem (there is no encrytion there). I have narrowed the issue down to how the firewall treats esmtp or tls traffic passing though it. I have already diabled inspect esmtp on the firewall.
View 2 Replies
View Related
May 17, 2013
internet is working with the client except for gmail account using outlook 2010.
View 1 Replies
View Related
May 29, 2013
I am trying to issue command "ssh key-exchange group dhgroup14" on several of my ASA firewalls. The key-exchange command is failing on 3 of 4 ASA firewalls. According to Cisco documentation, this command was introducted in 8.4. My ASA's are running version 8.6.1.10, 9.1.1.8, 9.1.1.10 and 9.1.2. The command is available only with 9.1.2.
Example from one my ASA.
lbjinetfw# show version | in Version
Cisco Adaptive Security Appliance Software Version 8.6(1)10
Device Manager Version 7.1(2)
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
lbjinetfw# config t
lbjinetfw(config)# ssh
[code]....
View 3 Replies
View Related
Apr 25, 2011
I am using ASA 5505 firewall with base-license. I connected my firewall to one cisco 3750 switch where i created 5 vlans. I done NATing for all vlans and they able to get internet and working fine. They able to browse all internet sites like gmail and yahoo mail.
All internal users are configured to use Outlook for their webmail. Here the problem is with outlook they are unable to send and receive the mails.
If they directly connected their system using public ip( Directly from ISP) they able to send and receive mails from outlook.
View 2 Replies
View Related
Feb 26, 2013
We have the following setup on our Cisco ASA version 8.6.1 One to one NAT rule from outside to our Exchange 2010 cluster IP address (DAG group). This is working fine for clients on the internet accessing their emails via Exchange using their phones. The ASA has the MAC address of the active node from the cluster but when the cluster failover it cache the IP address and are not updating the new MAC when the cluster failover. So users from the outside are unable to connect to the new node from outside the ASA as the MAC address from the passive node is in the MAC table. The MAC address on all the switches update within 2 seconds on the internal network and users don't notice any outage.
View 4 Replies
View Related
Aug 16, 2011
We have a ASA5510 with a webserver in the DMZ network 10.2.2.0/24. We now want this web server to be able to access the Exchange server in the Inside network 10.1.1.0/24. I researched this and it seemed straight forward according the the Cisco document below:
[URL]
I'm looking to do this with smtp so I added these lines to the config:
static (inside,DMZ) 10.2.2.30 10.1.1.11 netmask 255.255.255.255
access-list dmz extended permit tcp host 10.2.2.2 host 10.2.2.30 eq smtp
The configuration line:access-group DMZ in interface DMZ Already existed in the configuration so didn't need to be re-entered.
ASA Version 8.0(4)
!
hostname xxxx
domain-name xxxx.com
enable password xxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
[code]....
View 28 Replies
View Related
Jun 15, 2011
I have the following scenario.
INET
(205.50.50.1)
|
|
(205.50.50.2)
[CISCO ASA 5540]
(10.10.10.1)
|
|
+ ---------------------------------------------+
(10.10.10.2) (10.10.10.3)
[BARRACUDA] [Exchange SRV]
Mail Domain: mail.domain.com (205.50.50.50)
Ok so the mail flows to the Barracuda using a static 1:1 NAT configuration and then gets delivered from the Barracuda to the Exchange server. I want to implement active sync (Direct Push) for Windows mobile devices. They need to communicate with mail.domain.com over port 443. The problem is I want mail to continue to flow to the Barracuda, but direct Direct Push traffic to the Exchange server.I cnow I can't implement two 1:1 NAT mappings from the same external hostname to 2 different servers.
View 3 Replies
View Related
Jun 26, 2012
I am trying to port forwarding Exchange 2010 OWA using ASA5505, wherever I used object NAT or Twice NAT it just doesn't work.... here is my config:
access-list outside-access remark "Exchange Server Access Rules"
access-list outside-access extended permit tcp any host <public x.x.x.11> eq smtp
access-list outside-access extended permit tcp any host <public x.x.x.11> eq https
[code]...
note that i use public ip <public x.x.x.9> on the outside interface for PAT, so all hosts in the same private can access internet
View 1 Replies
View Related
Jul 23, 2011
I picked up a rather nasty bit of malware which resulted in a format and installation of Windows Ultimate 64, all well now except i cant get the wireless to work, downloaded assorted drivers from the dell support directory but to no avail, so questions are-:am i missing something obvious (windows function button for wireless does nothing)what is the correct driver for the N5040 and are there any tricks in getting it to work.
View 1 Replies
View Related
Apr 23, 2012
I have an ASA 5505 with the base license,When I setup the DMZ interface I had to add the deny access to the inside VLAN. The DMZ works fine with WiFi on it, but user's iPhones can't get email unless they turn WiFi off.Is there a simple way to allow HTTPS traffic through the DMZ interface to our internal Exchange server which is NAT'd on the 5505's external IP?
View 3 Replies
View Related
May 17, 2013
Client has a Cisco ASA 5510 with 4 L2L VPN's all using 5505's
The L2L connect to the "outside" interface as do the VPN Users (I'm leary of this
The VPN Users need access to the "inside" networks and all L2L subnets.
The VPN User has its own subnet (192.168.168.0/24( seperate from the Local LANs (172.16.0.0/16)
When the Users VPN in they can get to all the subnets connected to the inside interface but none of the L2L subnets
I have verified that the UserVPN Subnet is in the crypto acls and in the route statements of all L2L 5505s
View 3 Replies
View Related
Sep 27, 2011
we have a ASA 5510 firewall and i have created remote vpn user who connects the internal network via vpn any connect after connecting i want him to only access his internal PC via rdp and not access other internal website or shared folders without connecting to the RDP however now he can access the internal website wihtout connecting to RDP?
View 3 Replies
View Related
