How do I allow secure imap access from outside firewall?

I have Cisco ASDM 6.2 for ASA and am trying to allow external secure imap access. I have a PAT set up for:

original interface=outside, source=external.mail.ip.address
translated interface=inside, ip address=exchangeserver
PAT original=993 and translated=993 (having these the same doesn't really make sense to me)

When I do a packet trace with the following info, the packet is dropped on the ACL:
interface=outside, type=TCP, source ip=external.mail.ip.address, source port=993, destination ip=internal.exchange.ip, destination port=993

The ACL it fails on is the last outside rule (any any ip deny).

Admittedly I don't know much about this and an external company originally set all this up. There could be all sorts of things wrong with this - but I do know I can't get IMAP from outside, only from the inside.

Thanks!
Dumont
rjonesordwayAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ShareefHuddleCommented:
I see you have a NAT/PAT in place but do you have an ACL that allows the traffice? Can u post your ASA config?

Shareef
rjonesordwayAuthor Commented:
Yes. Here you go. Thanks.
acl.html
ShareefHuddleCommented:
Your ACL looks fine. What does your NAT line look like?
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

rjonesordwayAuthor Commented:
Thanks. Here you go. ASDM NAT
ShareefHuddleCommented:
Is the Translated address on line 9 of the inside the same as the Source on line 2 of the outside nat's?

Shareef
rjonesordwayAuthor Commented:
Yes it is the same.
rjonesordwayAuthor Commented:
Turned out I needed another NAT and a couple more ACLs. Thanks.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rjonesordwayAuthor Commented:
Had to hire someone to fix it.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.