How do I allow secure imap access from outside firewall?

I have Cisco ASDM 6.2 for ASA and am trying to allow external secure imap access. I have a PAT set up for:

original interface=outside, source=external.mail.ip.address
translated interface=inside, ip address=exchangeserver
PAT original=993 and translated=993 (having these the same doesn't really make sense to me)

When I do a packet trace with the following info, the packet is dropped on the ACL:
interface=outside, type=TCP, source ip=external.mail.ip.address, source port=993, destination ip=internal.exchange.ip, destination port=993

The ACL it fails on is the last outside rule (any any ip deny).

Admittedly I don't know much about this and an external company originally set all this up. There could be all sorts of things wrong with this - but I do know I can't get IMAP from outside, only from the inside.

Thanks!
Dumont
rjonesordwayAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ShareefHuddleCommented:
I see you have a NAT/PAT in place but do you have an ACL that allows the traffice? Can u post your ASA config?

Shareef
0
rjonesordwayAuthor Commented:
Yes. Here you go. Thanks.
acl.html
0
ShareefHuddleCommented:
Your ACL looks fine. What does your NAT line look like?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

rjonesordwayAuthor Commented:
Thanks. Here you go. ASDM NAT
0
ShareefHuddleCommented:
Is the Translated address on line 9 of the inside the same as the Source on line 2 of the outside nat's?

Shareef
0
rjonesordwayAuthor Commented:
Yes it is the same.
0
rjonesordwayAuthor Commented:
Turned out I needed another NAT and a couple more ACLs. Thanks.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rjonesordwayAuthor Commented:
Had to hire someone to fix it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.