Solved

Activesync Using Cisco ASA

Posted on 2013-01-23
8
694 Views
Last Modified: 2014-11-30
My requirement is to allow users using Android or I Phone to access the mails using Microsoft Activesync . The connectivity will be through Cisco ASA.
Let me know if this can be achieved through Cisco ASA.
Does Cisco ASA supports this. What type of connectivity is required.
Does it works on SSL VPN or it works on IPSec VPN ?
What kind of authentication is supported ?
0
Comment
Question by:SrikantRajeev
  • 4
  • 3
8 Comments
 
LVL 10

Expert Comment

by:rscottvan
ID: 38811180
ActiveSync can simply be published on port 443 (SSL) and you can poke a hole in the firewall for an Exchange Frontend Server on that port.  I would say that's a reasonable solution if you have a separate Exchange server for frontend services, and it's in a DMZ.  If it's your internal Exchange server, VPN connectivity might be more prudent.

Either SSL or IPSec VPN would permit this type of connection.  Any connectivity to the internet outside the firewall would work fine.

RADIUS, Active Directory integrated, and local authentication would all be supported, as well as Cisco TACACS, or RSA SecurID.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38813761
I have my Exchange server inside & not in the DMZ.
In this scenario will SSL help.
Also if you have some document regarding this could you please share the same.
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38815067
It simply depends on your security requirements and your configuration.

1. what version of Exchange?
2. is your exchange server IP address public or private?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38815292
exchange 2007
Private IP Address
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38815377
The simplest (but least secure) option would be to either do port translation or NAT from an outside IP to port 443 on the Exchange server.

If you configured either an SSL VPN or IPSec VPN, it would be more secure, but also more difficult for end users.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38823586
Do you have any document from cisco regarding this.
I searched but could not find relevant document from Cisco for similar connectivity
0
 
LVL 1

Accepted Solution

by:
David_Blumberg earned 500 total points
ID: 40427137
Configuration on 8.1 and newer ios in ASA

object network SERVER
host 192.168.1.5 (IP ADDRESS OF YOUR SERVER)


access-list EXC permit tcp any object SERVER eq 443


class-map EXC
match access-list EXC


policy-map global_policy
class EXC
set connection timeout half-closed 0:30:00
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 40472269
Thanks
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Viewers will learn how to maximize accessibility options in an Excel workbook for users with accessibility issues.
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question