Solved

Cisco ASA 5505 Active Sync and OWA page

Posted on 2014-12-22
5
403 Views
Last Modified: 2014-12-22
Hello,

I am replacing an old Linksys with a less old Cisco ASA 5505.  I have the ASA partially working how I want.  The issue I am having is that I can't hit my OWA page from inside the network, and my ActiveSync won't work inside the network.  Both of these services are working from outside the network.  Please tell me how to get these services working from inside my network as well.  Below is my running config

TIA

ASA Version 9.2(2)4
!
hostname ciscoasa
enable password <removed>
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 allow-ssc-mgmt
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network RDP_SERVER
 host 192.168.1.7
object network OLD_SMTP
 host 192.168.1.7
 description Old Server b4 migration
object network HTTPS_SERVER
 host 192.168.1.7
object network HTTP_Server
 host 192.168.1.7
object-group service RDP tcp
 description MS Remote Desktop Protocol
 port-object eq 3389
object-group service Alt_SMTP tcp
 description alternate port for incoming mail
 port-object eq 2525
access-list outside_access_in extended permit tcp any4 object RDP_SERVER object-group RDP
access-list outside_access_in extended permit tcp any4 object HTTPS_SERVER eq https
access-list outside_access_in extended permit tcp any4 object OLD_SMTP object-group Alt_SMTP
access-list outside_access_in extended permit tcp any4 object HTTP_Server eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
 nat (inside,outside) dynamic interface
object network RDP_SERVER
 nat (any,outside) static interface service tcp 3389 3389
object network OLD_SMTP
 nat (inside,outside) static interface
object network HTTP_Server
 nat (any,outside) static interface
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 172.16.0.0 255.255.248.0 inside
http 192.168.1.0 255.255.255.0 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh 172.16.0.0 255.255.248.0 inside
ssh 192.168.1.0 255.255.255.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
username <removed>
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
 class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
hpm topN enable
Cryptochecksum:d7a44deb769a6c5d027b5a7edf217d6d
: end
0
Comment
Question by:Zorniac
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40514273
Both of these services are working from outside the network.  Please tell me how to get these services working from inside my network as well.  Below is my running config

The firewall shouldn't come into play here. Internally these devices should be going directly to Exchange.

I would check how you have DNS configured internally. Do you have split-brain DNS configured?

Also, need to know the version of Exchange you are on.
0
 
LVL 1

Author Comment

by:Zorniac
ID: 40514284
Hi Gareth,

Yup Thanks, that was it.  I could have swore I created the new zone.  However, I in fact didn't and once I did that made my records, flushed my dns cache it all started working.

So why does a Linksys router work without my split-dns, but an ASA doesn't?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40514290
Chances are the Cisco router blocks egress and the Linksys does not.

So, everything is good?
0
 
LVL 1

Author Closing Comment

by:Zorniac
ID: 40514296
yes sir, all is good.  Thank you for your help
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40514297
Glad to help!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question