Here is what I received from my Cisco guy.
ONE
The Cisco ASA CLI for all idle connections is the following; it would change
it to 15 minutes:
timeout conn 00:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
TWO
But, since they come from the world of switches/routers, should you have
the interface address configured, you must then use the interface keyword;
example:
-access-list OUTSIDEIP extended permit tcp any host SERVERIP eq smtp
+access-list OUTSIDEIP extended permit tcp any interface outside eq smtp
(In the ASDM you just type "outside" without the quotes for destination).
NOTE from Research:
"I found the problem. When you use the ASA GUI to make rule changes, it
doesn't put the correct syntax on the rule. Instead of access-list outside_acl
extended permit tcp any host Email2003 eq https; I was getting access-list
outside_acl extended permit tcp any eq https host Email2003 eq https
Deleted that rule, put the right syntax, and it is fixed.
Thanks to all who read and helped." excerpted from
http://www.themssforum.com/ExchangeSetup/Cisco/
THREE
Example of DMZ Mail Server configuration from Cisco
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml
Cisco ASA configuration example for Exchange 2007 Edge setup
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23372433.html#a21489032
It must be taken into consideration what environment MS Exchange is in, whether
it is a FrontEnd, BackEnd, or just a single internal server.
Hope this helps.
CAR
From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 13, 2008 6:56 PM
To: NT System Admin Issues
Subject: Cisco ASA Assistance
Anyone out there familiar with the Cisco ASA GUI?
I need my network department to configure the HTTPS timeout for 15 minutes based
on Microsoft recommendations for Exchange ActiveSync. The only guy available in
our network department isn't familiar with the ASA.
Thanks,
- Sean
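
Added example (not part of the original thread and not Cisco code): a small Python check for the problem described in the quoted note under TWO, where the generated rule carried "eq https" directly after the source "any" and therefore matched on the source port. It assumes the simplified grammar "access-list NAME extended ACTION tcp|udp SRC [port-op] DST [port-op]"; the function names are hypothetical and the sample config is constructed from the lines quoted in the message.

```python
# Added example: audits ASA "access-list ... extended" lines for a source-port match.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count
ONE_TOKEN_ADDR = {"any", "any4", "any6"}

# Constructed sample built from the lines quoted in the message above.
SAMPLE = """\
access-list outside_acl extended permit tcp any host Email2003 eq https
access-list outside_acl extended permit tcp any eq https host Email2003 eq https
access-list OUTSIDEIP extended permit tcp any interface outside eq smtp
timeout conn 00:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
"""

def _addr(tok, i):
    """Consume 'any', or a two-token spec such as 'host X', 'interface X' or 'IP MASK'."""
    width = 1 if tok[i:i + 1] and tok[i] in ONE_TOKEN_ADDR else 2
    spec = tok[i:i + width]
    return (" ".join(spec), i + width) if len(spec) == width else (None, i)

def _port(tok, i):
    """Consume an optional port match such as 'eq https' or 'range 1024 65535'."""
    if i < len(tok) and tok[i] in PORT_OPS:
        width = 1 + PORT_OPS[tok[i]]
        return " ".join(tok[i:i + width]), i + width
    return None, i

def parse_acl(line):
    """Return the fields of a tcp/udp extended ACL entry, or None for any other line."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended" or tok[4] not in ("tcp", "udp"):
        return None
    src, i = _addr(tok, 5)
    sport, i = _port(tok, i)   # a port operator here applies to the SOURCE port
    dst, i = _addr(tok, i)
    dport, i = _port(tok, i)
    fields = {"name": tok[1], "action": tok[3], "src": src, "sport": sport, "dst": dst, "dport": dport}
    return None if dst is None else fields

def audit(config):
    """Flag permit entries that constrain the source port; clients connect from ephemeral ports."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        rule = parse_acl(line)
        if rule and rule["action"] == "permit" and rule["sport"]:
            findings.append((lineno, rule["name"], rule["sport"], rule["dst"], rule["dport"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("line %d: %s matches source port '%s' before destination %s %s" % f)
```

Only the second sample line is reported: it permits traffic only when the client's source port is https, which ordinary clients never use, so the rule does not pass the mail traffic it was written for.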