ASA 5505 incoming traffic issue

I have an issue getting email through the Cisco ASA to our email server, which is 10.100.50.172 255.255.0.0. Everything else is working. We have internet. All outgoing traffic is OK. Can anybody see what's wrong? Thanks,

ASA Version 8.0(2)
!
hostname RedRiverASA
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.100.86.1 255.255.0.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.yyy.15.10 255.255.255.248
 ospf cost 10
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd Vcn8uAzrKx1tjbpj encrypted
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name redriverfoods.com
object-group service VideoFlow
 service-object tcp range 3230 3253
 service-object tcp eq h323
 service-object udp range 3230 3235
access-list out_in extended permit tcp any host xxx.yyy.15.10 eq www
access-list out_in extended permit tcp any host xxx.yyy.15.10 eq https
access-list out_in extended permit tcp any host xxx.yyy.15.10 eq smtp
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.100.0.0 255.255.0.0
static (inside,outside) xxx.yyy.15.10 10.100.50.172 netmask 255.255.255.255
access-group out_in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.yyy.15.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.100.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 10.100.0.0 255.255.0.0 inside
telnet timeout 30
ssh timeout 5
console timeout 30
dhcpd auto_config outside
!
no threat-detection basic-threat
no threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:bd3505f41995b9dba0c49b19e79760f5

Reply to
Exclusive

static (inside,outside) tcp interface smtp 10.100.50.172 smtp netmask 255.255.255.255

Reply to
swk

This works in this case, but I also need to open tcp 3230-3238, udp 3230-3258 for video conferencing. How can I resolve this? Thanks for the help!
Reply to
Exclusive

It should be similar:

static (inside,outside) tcp interface 3230 10.100.50.172 3230 netmask 255.255.255.255

I am not sure you are able to port map by port range. The best way to do this is to assign a global IP address and use static and access-list to control the traffic flow.

Reply to
swk
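
The per-port approach in the reply above means one static line for every port in the requested ranges, so the commands are easier to generate than to type. This is an added example, not part of any post in the thread: the function names are hypothetical, while the interface names, the out_in ACL name and the addresses are the ones shown in the posted configuration and in the reply.

```python
# Added example: generate ASA 8.0-style static PAT and ACL lines for port ranges.
# Function names are hypothetical; addresses and ACL name are copied from the thread.

def _check(proto, first, last):
    """Reject anything that would produce a malformed or over-broad command."""
    if proto not in ("tcp", "udp"):
        raise ValueError("proto must be 'tcp' or 'udp'")
    if not (1 <= first <= last <= 65535):
        raise ValueError("invalid port range %s-%s" % (first, last))

def static_pat_lines(proto, first, last, inside_host,
                     inside_if="inside", outside_if="outside"):
    """One static PAT entry per port, mapping the outside interface to inside_host."""
    _check(proto, first, last)
    return [
        f"static ({inside_if},{outside_if}) {proto} interface {port} "
        f"{inside_host} {port} netmask 255.255.255.255"
        for port in range(first, last + 1)
    ]

def acl_line(acl, proto, first, last, outside_addr):
    """A single ACL entry covers the whole range with the 'range' operator."""
    _check(proto, first, last)
    op = f"eq {first}" if first == last else f"range {first} {last}"
    return f"access-list {acl} extended permit {proto} any host {outside_addr} {op}"

def build(rules, inside_host, outside_addr, acl="out_in"):
    """Return all static lines first, then the ACL entries that permit exactly them."""
    lines = []
    for proto, first, last in rules:
        lines += static_pat_lines(proto, first, last, inside_host)
    for proto, first, last in rules:
        lines.append(acl_line(acl, proto, first, last, outside_addr))
    return lines

if __name__ == "__main__":
    # Ranges as stated in the follow-up question; outside address is masked in the thread.
    rules = [("tcp", 3230, 3238), ("udp", 3230, 3258)]
    print("\n".join(build(rules, "10.100.50.172", "xxx.yyy.15.10")))
```

The ACL entries permit only the ports that have a matching static entry, so nothing beyond the requested ranges is exposed on the outside interface.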

object-group service polycom udp
 port-object range 3230 3253
object-group service filemaker tcp
 port-object range 5003 5003
object-group service jabber tcp-udp
 port-object range 5222 5223

access-list outside_access_in extended permit tcp any host 12.110.110.204 object-group jabber
access-list outside_access_in extended permit udp any host 144.51.68.4 object-group jabber
access-list outside_access_in extended permit tcp any host 198.81.129.148 object-group filemaker
access-list outside_access_in extended permit udp host 12.110.110.204 host 198.81.129.148 object-group polycom
Reply to
Gary

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.