Cisco ASA 5505 Active Sync and OWA page


I am replacing an old Linksys with a less old Cisco ASA 5505.  I have the ASA partially working how I want.  The issue I am having is that I can't hit my OWA page from inside the network, and my ActiveSync won't work inside the network.  Both of these services are working from outside the network.  Please tell me how to get these services working from inside my network as well.  Below is my running config


ASA Version 9.2(2)4
hostname ciscoasa
enable password <removed>
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
object network RDP_SERVER
object network OLD_SMTP
 description Old Server b4 migration
object network HTTPS_SERVER
object network HTTP_Server
object-group service RDP tcp
 description MS Remote Desktop Protocol
 port-object eq 3389
object-group service Alt_SMTP tcp
 description alternate port for incoming mail
 port-object eq 2525
access-list outside_access_in extended permit tcp any4 object RDP_SERVER object-group RDP
access-list outside_access_in extended permit tcp any4 object HTTPS_SERVER eq https
access-list outside_access_in extended permit tcp any4 object OLD_SMTP object-group Alt_SMTP
access-list outside_access_in extended permit tcp any4 object HTTP_Server eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
 nat (inside,outside) dynamic interface
object network RDP_SERVER
 nat (any,outside) static interface service tcp 3389 3389
object network OLD_SMTP
 nat (inside,outside) static interface
object network HTTP_Server
 nat (any,outside) static interface
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http inside
http outside
http inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh inside
ssh outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
username <removed>
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
 class class-default
  user-statistics accounting
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
hpm topN enable
: end
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gareth GudgerSolution ArchitectCommented:
Both of these services are working from outside the network.  Please tell me how to get these services working from inside my network as well.  Below is my running config

The firewall shouldn't come into play here. Internally these devices should be going directly to Exchange.

I would check how you have DNS configured internally. Do you have split-brain DNS configured?

Also, need to know the version of Exchange you are on.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ZorniacAuthor Commented:
Hi Gareth,

Yup Thanks, that was it.  I could have swore I created the new zone.  However, I in fact didn't and once I did that made my records, flushed my dns cache it all started working.

So why does a Linksys router work without my split-dns, but an ASA doesn't?
Gareth GudgerSolution ArchitectCommented:
Chances are the Cisco router blocks egress and the Linksys does not.

So, everything is good?
ZorniacAuthor Commented:
yes sir, all is good.  Thank you for your help
Gareth GudgerSolution ArchitectCommented:
Glad to help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.