Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Activesync Using Cisco ASA

Posted on 2013-01-23
8
Medium Priority
?
891 Views
Last Modified: 2014-11-30
My requirement is to allow users using Android or I Phone to access the mails using Microsoft Activesync . The connectivity will be through Cisco ASA.
Let me know if this can be achieved through Cisco ASA.
Does Cisco ASA supports this. What type of connectivity is required.
Does it works on SSL VPN or it works on IPSec VPN ?
What kind of authentication is supported ?
0
Comment
Question by:SrikantRajeev
  • 4
  • 3
8 Comments
 
LVL 10

Expert Comment

by:rscottvan
ID: 38811180
ActiveSync can simply be published on port 443 (SSL) and you can poke a hole in the firewall for an Exchange Frontend Server on that port.  I would say that's a reasonable solution if you have a separate Exchange server for frontend services, and it's in a DMZ.  If it's your internal Exchange server, VPN connectivity might be more prudent.

Either SSL or IPSec VPN would permit this type of connection.  Any connectivity to the internet outside the firewall would work fine.

RADIUS, Active Directory integrated, and local authentication would all be supported, as well as Cisco TACACS, or RSA SecurID.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38813761
I have my Exchange server inside & not in the DMZ.
In this scenario will SSL help.
Also if you have some document regarding this could you please share the same.
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38815067
It simply depends on your security requirements and your configuration.

1. what version of Exchange?
2. is your exchange server IP address public or private?
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38815292
exchange 2007
Private IP Address
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38815377
The simplest (but least secure) option would be to either do port translation or NAT from an outside IP to port 443 on the Exchange server.

If you configured either an SSL VPN or IPSec VPN, it would be more secure, but also more difficult for end users.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38823586
Do you have any document from cisco regarding this.
I searched but could not find relevant document from Cisco for similar connectivity
0
 
LVL 1

Accepted Solution

by:
David_Blumberg earned 2000 total points
ID: 40427137
Configuration on 8.1 and newer ios in ASA

object network SERVER
host 192.168.1.5 (IP ADDRESS OF YOUR SERVER)


access-list EXC permit tcp any object SERVER eq 443


class-map EXC
match access-list EXC


policy-map global_policy
class EXC
set connection timeout half-closed 0:30:00
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 40472269
Thanks
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Having trouble getting your hands on Dynamics 365 Field Service or Project Service trial? Worry No More!!!
Viewers will learn how to maximize accessibility options in an Excel workbook for users with accessibility issues.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question