Cisco ASA 5505 Active Sync and OWA page

Posted on 2014-12-22
Medium Priority
Last Modified: 2014-12-22

I am replacing an old Linksys with a less old Cisco ASA 5505.  I have the ASA partially working how I want.  The issue I am having is that I can't hit my OWA page from inside the network, and my ActiveSync won't work inside the network.  Both of these services are working from outside the network.  Please tell me how to get these services working from inside my network as well.  Below is my running config.


ASA Version 9.2(2)4
hostname ciscoasa
enable password <removed>
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
object network RDP_SERVER
object network OLD_SMTP
 description Old Server b4 migration
object network HTTPS_SERVER
object network HTTP_Server
object-group service RDP tcp
 description MS Remote Desktop Protocol
 port-object eq 3389
object-group service Alt_SMTP tcp
 description alternate port for incoming mail
 port-object eq 2525
access-list outside_access_in extended permit tcp any4 object RDP_SERVER object-group RDP
access-list outside_access_in extended permit tcp any4 object HTTPS_SERVER eq https
access-list outside_access_in extended permit tcp any4 object OLD_SMTP object-group Alt_SMTP
access-list outside_access_in extended permit tcp any4 object HTTP_Server eq www
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
 nat (inside,outside) dynamic interface
object network RDP_SERVER
 nat (any,outside) static interface service tcp 3389 3389
object network OLD_SMTP
 nat (inside,outside) static interface
object network HTTP_Server
 nat (any,outside) static interface
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http inside
http outside
http inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh inside
ssh outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
username <removed>
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
 class class-default
  user-statistics accounting
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
hpm topN enable
: end

Question by: Zorniac
LVL 31

Accepted Solution

Gareth Gudger earned 2000 total points
ID: 40514273
Both of these services are working from outside the network.  Please tell me how to get these services working from inside my network as well.  Below is my running config

The firewall shouldn't come into play here. Internally these devices should be going directly to Exchange.

I would check how you have DNS configured internally. Do you have split-brain DNS configured?

Also, need to know the version of Exchange you are on.
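
An added example, not part of the original answer: a Python check of what an inside client actually receives when it resolves the mail hostname, separating answers that point at the LAN (split-brain DNS working) from answers that point at the firewall's outside address. The subnet, outside address and hostname below are constructed assumptions, because the thread's real values are redacted.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """IPv4 addresses the local (inside) resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify_answers(answers, inside_net, outside_ip):
    """Label each address an inside client received for the mail hostname.

    internal   -> inside the LAN range: client talks to Exchange directly
    hairpin    -> the firewall's outside address: traffic must loop through it
    unexpected -> neither: stale cache entry or wrong record
    """
    lan = ipaddress.ip_network(inside_net)
    wan = ipaddress.ip_address(outside_ip)
    verdicts = {}
    for answer in answers:
        addr = ipaddress.ip_address(answer)
        if addr in lan:
            verdicts[answer] = "internal"
        elif addr == wan:
            verdicts[answer] = "hairpin"
        else:
            verdicts[answer] = "unexpected"
    return verdicts


def split_dns_ok(answers, inside_net, outside_ip):
    """True only if there is at least one answer and all of them are internal."""
    verdicts = classify_answers(answers, inside_net, outside_ip)
    return bool(verdicts) and all(v == "internal" for v in verdicts.values())


if __name__ == "__main__":
    # Constructed values: the thread's real addresses are redacted.
    INSIDE_NET = "192.168.1.0/24"   # assumed inside (Vlan1) subnet
    OUTSIDE_IP = "203.0.113.10"     # assumed outside address (documentation range)
    before = ["203.0.113.10"]       # answer before the internal zone existed
    after = ["192.168.1.20"]        # answer after zone added and cache flushed
    for label, answers in (("before", before), ("after", after)):
        print(label, classify_answers(answers, INSIDE_NET, OUTSIDE_IP),
              "ok" if split_dns_ok(answers, INSIDE_NET, OUTSIDE_IP) else "FAIL")
    # On a live inside client: split_dns_ok(resolve_ipv4("mail.example.com"), ...)
```

Run it on an inside workstation after flushing the DNS cache; a "hairpin" or "unexpected" verdict means the client is not yet getting the internal record.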

Author Comment

ID: 40514284
Hi Gareth,

Yup, thanks, that was it.  I could have sworn I created the new zone.  However, I in fact didn't, and once I did that, made my records, and flushed my DNS cache, it all started working.

So why does a Linksys router work without my split-dns, but an ASA doesn't?
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40514290
Chances are the Cisco router blocks egress and the Linksys does not.

So, everything is good?

Author Closing Comment

ID: 40514296
Yes sir, all is good.  Thank you for your help.
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40514297
Glad to help!

Question has a verified solution.