Cesare', Thanks for the information. I will pass this along to my network guy.
- Sean On Fri, Nov 14, 2008 at 5:24 AM, Cesare' A. Ramos <[EMAIL PROTECTED]> wrote: > Here is what I received from my Cisco guy. > > > > ONE > > > > The Cisco ASA CLI for all idle connections is the following would > change it to 15 minutes > > > > timeout conn 00:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 > > > > > > TWO > > But, since they come from the world of switch/routers should you > have the interface address configured you must then use the interface > keyword; example. > > > > -access-list OUTSIDEIP extended permit tcp any host SERVERIP eq smtp > > +access-list OUTSIDEIP extended permit tcp any interface outside eq > smtp > > (In the ASDM you just type "outside" without the quotes for > destination). > > > > NOTE from Research: > > > > "I found the problem. When you use the ASA GUI to make rule changes, it > doesn't put the correct syntax on the rule. Instead of access-list > outside_acl extended permit tcp any host Email2003 eq https; I was getting > access-list outside_acl extended permit tcp any eq https host Email2003 eq > https > > > > Deleted that rule, put the right syntax, and it is fixed. > > > > Thanks to all who read and helped. " exerted from > http://www.themssforum.com/ExchangeSetup/Cisco/ > > > > > > THREE > > > > Example of DMZ Mail Server configuration from Cisco > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml > > > > Cisco ASA configuration example for Exchange 2007 Edge setup > > > http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23372433.html#a21489032 > > > > > > It must be takem into consideration what environment MS Exchange is in > whether, it is a FrontEnd, BackEnd, or just a single internal server. > > Hope this helps. > > > > *CAR* > > Office: 305-443-0331 xt. 1202 > Mobile: 786-412-1746 > Skype: 305-851-2606 > Fax: 305-443-0350 > e-Mail: [EMAIL PROTECTED] > BB Pin: 23E727FF > AIM: cramosMIA > MSN: [EMAIL PROTECTED] > Yahoo: cramosMIA** > > > > *From:* Sean Martin [mailto:[EMAIL PROTECTED] > *Sent:* Thursday, November 13, 2008 6:56 PM > *To:* NT System Admin Issues > *Subject:* Cisco ASA Assistance > > > > Anyone out there familiar with the Cisco ASA GUI? > > > > I need my network department configure the HTTPS timeout for 15 minutes > based on Microsoft recommendations for Exchange ActiveSync. The only guy > available in our network department isn't familiar with the ASA. > > > > Thanks, > > > > - Sean > > > > > > > ------------------------------ > This e-Mail and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this e-Mail in error please notify the sender via > returned e-Mail. Please note that any views or opinions presented in this > e-Mail are solely those of the author and do not necessarily represent those > of the company. Although IDF operates anti-virus programs, it does not > accept responsibility for any damage whatsoever that is caused by viruses > being passed. > > ** Think before you print this message. ** > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
