How to I get Blackberry internet access to work through new Cisco ASA
We recently switched routers to a Cisco ASA 5505 (config below) The Blackberry internet service (Blackberry company email) and Outlook Web Access now longer function. What changes to I have to make to this firewall to allow these to work? Our old Linksys Router enabled both of these services to work.
interface Vlan1
nameif inside
security-level 0
ip address 192.168.123.254 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 64.199.233.30 255.255.255.240
!
interface Vlan3
shutdown
no forward interface Vlan1
nameif dmz
security-level 50
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
switchport access vlan 3
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name axisie
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in remark Terminal server access
access-list outside_access_in extended permit ip any host 192.168.123.6
access-list outside_access_in remark Mail
access-list outside_access_in extended permit ip any host 192.168.123.5
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq www
access-list acl-out extended permit icmp any any
access-list acl-out extended permit tcp any any eq www
access-list acl-out extended permit tcp any any eq 3389
access-list acl-out extended permit tcp any any eq smtp
access-list acl-out extended permit tcp any any eq 3396
access-list acl-out extended permit tcp any any eq pop3
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 0 64.199.233.30 255.255.255.255 outside
static (inside,outside) tcp interface 3389 192.168.123.6 3389 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.123.5 smtp netmask 255.255.255.255
static (outside,inside) tcp 192.168.123.5 smtp 64.199.233.30 smtp netmask 255.255.255.255
static (outside,inside) tcp 192.168.123.5 www 64.199.233.30 www netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.123.5 pop3 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 64.199.233.30 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.123.111 255.255.255.255 inside
http 192.168.123.170 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
http 192.168.123.0 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.123.0 255.255.255.255 inside
telnet 192.168.123.170 255.255.255.255 inside
interface Vlan1
nameif inside
security-level 0
ip address 192.168.123.254 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 64.199.233.30 255.255.255.240
!
interface Vlan3
shutdown
no forward interface Vlan1
nameif dmz
security-level 50
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
switchport access vlan 3
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name axisie
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in remark Terminal server access
access-list outside_access_in extended permit ip any host 192.168.123.6
access-list outside_access_in remark Mail
access-list outside_access_in extended permit ip any host 192.168.123.5
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq www
access-list acl-out extended permit icmp any any
access-list acl-out extended permit tcp any any eq www
access-list acl-out extended permit tcp any any eq 3389
access-list acl-out extended permit tcp any any eq smtp
access-list acl-out extended permit tcp any any eq 3396
access-list acl-out extended permit tcp any any eq pop3
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 0 64.199.233.30 255.255.255.255 outside
static (inside,outside) tcp interface 3389 192.168.123.6 3389 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.123.5 smtp netmask 255.255.255.255
static (outside,inside) tcp 192.168.123.5 smtp 64.199.233.30 smtp netmask 255.255.255.255
static (outside,inside) tcp 192.168.123.5 www 64.199.233.30 www netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.123.5 pop3 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 64.199.233.30 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.123.111 255.255.255.255 inside
http 192.168.123.170 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
http 192.168.123.0 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.123.0 255.255.255.255 inside
telnet 192.168.123.170 255.255.255.255 inside
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.