Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Hello, I have a problem with communications through the ASA to an MS Exchange server. I'm testing a new connection to the internet, and the ASA is the default gateway for my user VLAN. It's a similar problem to the one described in this doc: http://www.cisco.com/en/US/partner/prod ... 7.shtml The difference is that I'm connected to an L3 switch, but it doesn't matter in this situation. All services (DNS, DHCP) in the LAN work, but I have a problem with the connection to the Exchange server only. The mentioned services are separated into VLANs, and static routing to these networks is added on the ASA. I have no ACL blocking traffic on the inside interface. Does anyone have a similar problem?
Hello, It seems like you are referring to an asymmetric routing problem. In such a situation, all non-connection-oriented traffic will work fine, but connection-oriented traffic (TCP based) will suffer. You have a couple of options. The easiest one is to make the L3 switch the gateway for your Exchange server. This way, the switch will make the routing decision for the Exchange traffic and will deliver all local LAN traffic to the respective VLAN interfaces and internet traffic to the firewall. The other option, if you are running the 8.2 code version, is to configure TCP state bypass. This will ask the firewall not to keep track of the TCP status of certain traffic. Here is a document that outlines the configuration requirements for TCP state bypass: http://www.cisco.com/en/US/docs/securit ... bypass.pdf Hope this helps. Regards, NT
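A simplified model of the behaviour described in the reply above, as an added example that is not part of the original thread and is not the ASA's actual logic: a stateful firewall that sees the client's packets but never the server's replies. The `Firewall` class, `session_ok` and the addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    """Simplified stateful firewall; a teaching model, not ASA's actual logic."""
    tcp_state_bypass: bool = False            # models the bypass option from the reply
    conns: dict = field(default_factory=dict)

    def forward(self, proto, flow, flags=""):
        """Client-to-server packet arriving at the firewall. True if passed."""
        if proto == "udp" or self.tcp_state_bypass:
            self.conns[flow] = "open"         # no handshake tracking
            return True
        if flags == "S":                      # SYN creates an embryonic connection
            self.conns[flow] = "embryonic"
            return True
        # Any later segment needs a handshake the firewall saw complete.
        return self.conns.get(flow) == "established"

    def reverse(self, proto, flow, flags=""):
        """Server-to-client packet; only called when the reply crosses the firewall."""
        if proto == "tcp" and flags == "SA" and self.conns.get(flow) == "embryonic":
            self.conns[flow] = "established"
        return flow in self.conns

def session_ok(fw, proto, return_via_firewall):
    """Run a short exchange; True if every packet the firewall sees is passed."""
    flow = ("10.0.10.5", 40000, "10.0.20.10", 443)   # constructed addresses
    if proto == "tcp":
        steps = [("S", "SA"), ("A", None), ("PA", "A")]   # handshake, then data
    else:
        steps = [("", ""), ("", "")]                      # two request/reply pairs
    for fwd, rev in steps:
        if not fw.forward(proto, flow, fwd):
            return False
        if rev is not None and return_via_firewall:
            if not fw.reverse(proto, flow, rev):
                return False
    return True

if __name__ == "__main__":
    print("TCP, symmetric path:      ", session_ok(Firewall(), "tcp", True))
    print("TCP, asymmetric path:     ", session_ok(Firewall(), "tcp", False))
    print("UDP, asymmetric path:     ", session_ok(Firewall(), "udp", False))
    print("TCP, asymmetric + bypass: ",
          session_ok(Firewall(tcp_state_bypass=True), "tcp", False))
```

In the asymmetric TCP case the client's ACK is dropped because the firewall never saw the SYN-ACK, which matches the symptom of DNS and DHCP working while the Exchange connection fails.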