Solved

Cisco ASA 5505 Active Sync and OWA page

Posted on 2014-12-22
Last Modified: 2014-12-22
Hello,

I am replacing an old Linksys with a less old Cisco ASA 5505. I have the ASA partially working how I want. The issue I am having is that I can't hit my OWA page from inside the network, and my ActiveSync won't work inside the network. Both of these services are working from outside the network. Please tell me how to get these services working from inside my network as well. Below is my running config.

TIA

ASA Version 9.2(2)4
!
hostname ciscoasa
enable password <removed>
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 allow-ssc-mgmt
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network RDP_SERVER
 host 192.168.1.7
object network OLD_SMTP
 host 192.168.1.7
 description Old Server b4 migration
object network HTTPS_SERVER
 host 192.168.1.7
object network HTTP_Server
 host 192.168.1.7
object-group service RDP tcp
 description MS Remote Desktop Protocol
 port-object eq 3389
object-group service Alt_SMTP tcp
 description alternate port for incoming mail
 port-object eq 2525
access-list outside_access_in extended permit tcp any4 object RDP_SERVER object-group RDP
access-list outside_access_in extended permit tcp any4 object HTTPS_SERVER eq https
access-list outside_access_in extended permit tcp any4 object OLD_SMTP object-group Alt_SMTP
access-list outside_access_in extended permit tcp any4 object HTTP_Server eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
 nat (inside,outside) dynamic interface
object network RDP_SERVER
 nat (any,outside) static interface service tcp 3389 3389
object network OLD_SMTP
 nat (inside,outside) static interface
object network HTTP_Server
 nat (any,outside) static interface
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 172.16.0.0 255.255.248.0 inside
http 192.168.1.0 255.255.255.0 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh 172.16.0.0 255.255.248.0 inside
ssh 192.168.1.0 255.255.255.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
username <removed>
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
 class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
hpm topN enable
Cryptochecksum:d7a44deb769a6c5d027b5a7edf217d6d
: end
0
Comment
Question by:Zorniac
5 Comments
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40514273
Both of these services are working from outside the network.  Please tell me how to get these services working from inside my network as well.  Below is my running config

The firewall shouldn't come into play here. Internally these devices should be going directly to Exchange.

I would check how you have DNS configured internally. Do you have split-brain DNS configured?

Also, need to know the version of Exchange you are on.
0
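The split-brain DNS check suggested in the answer above, as an added example that is not part of the original thread: run from an inside client, it reports whether the OWA/ActiveSync hostname resolves to an address on the inside subnet or to one that sends the client out through the firewall. The 192.168.1.0/24 subnet comes from the posted config; `constructed_resolver` is a hypothetical offline stand-in for the system resolver.

```python
import ipaddress
import socket

# Inside subnet taken from the running config posted in the question.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")


def constructed_resolver(addresses):
    """Stand-in for socket.getaddrinfo that answers with fixed, constructed
    addresses, so the check can be exercised without a live DNS server."""
    def resolver(host, port, family=0, type=0):
        if not addresses:
            raise socket.gaierror("name not known")
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, port))
                for a in addresses]
    return resolver


def check_split_dns(hostname, inside_net=INSIDE_NET,
                    resolver=socket.getaddrinfo):
    """Classify how an inside client will reach hostname.

    Returns (status, addresses) where status is one of:
      direct        every answer is on the inside subnet (split DNS works)
      via-firewall  no answer is on the inside subnet (internal zone missing)
      mixed         both kinds of answer (stale or duplicate records)
      unresolved    the resolver has no answer at all
    """
    try:
        infos = resolver(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved", set()
    addrs = {ipaddress.ip_address(info[4][0]) for info in infos}
    if not addrs:
        return "unresolved", set()
    inside = {a for a in addrs if a in inside_net}
    if inside == addrs:
        return "direct", addrs
    return ("mixed" if inside else "via-firewall"), addrs


if __name__ == "__main__":
    import sys
    # Run from an inside client: python check_split_dns.py <OWA hostname>
    status, addrs = check_split_dns(sys.argv[1])
    print(status, sorted(str(a) for a in addrs))
```

A `mixed` result after creating the internal zone usually points at a cached or leftover record, which is why flushing the client DNS cache is part of the fix.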
 
LVL 1

Author Comment

by:Zorniac
ID: 40514284
Hi Gareth,

Yup, thanks, that was it. I could have sworn I created the new zone. However, I in fact didn't, and once I did that, made my records, and flushed my DNS cache, it all started working.

So why does a Linksys router work without my split-dns, but an ASA doesn't?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40514290
Chances are the Cisco router blocks egress and the Linksys does not.

So, everything is good?
0
 
LVL 1

Author Closing Comment

by:Zorniac
ID: 40514296
Yes sir, all is good. Thank you for your help.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40514297
Glad to help!
0
