I have an ASA 5505 with the base license, which I set up a DMZ interface on for WiFi clients. When I set up the DMZ interface I had to add the deny access to the inside VLAN. The DMZ works fine with WiFi on it, but users' iPhones can't get email unless they turn WiFi off.
I can see a log entry stating that the connection was "denied by ACL from <dmz ip>/49689 to dmz:<external ip>/443".
Is there a simple way to allow HTTPS traffic through the DMZ interface to our internal Exchange server which is NAT'd on the 5505's external IP?
You're going to need a security image for the 5505 in order to be able to forward traffic to both the inside and outside interfaces from the DMZ. The reason that it works by turning WiFi off is that it has to go through the provider at that point and your users are hitting your outside interface. Currently, with the base image, you can only forward traffic to one interface or the other but not both.
You'll need to get a license key, I believe. I've only ordered them with the security license, so you could ask Cisco the best way to go about it.
Please rate if useful...