DMZ & activesync

Brett Paulins
Level 1

I have a DMZ guest network setup on our ASA 5505. In my DMZ ACLs, I have denied access to the local production network 192.168.1.0/24 located on the inside interface and permitted access to any other network. I set it up this way so employee devices on the DMZ guest network can access internal resources via their external names. These include mail.company.com, eportal.company.com, and mail.company.com/OWA. My ACLs are properly allowing access to these sites and blocking access to anything on the internal production network 192.168.1.0/24 as planned.

My only problem is that when connected to the DMZ network, even though I can browse to these websites on a client (PC or Android), Android clients can't sync with Exchange located at mail.company.com. If they disconnect from the DMZ and connect to Verizon's network, they sync just fine.

I can see the hit count increasing on my DMZ ACL (permit ip any any), but the Android clients still won't sync mail. The other DMZ ACL (deny ip any 192.168.1.0/24) hit count is not increasing, so I know I am hitting the correct external address of mail.company.com.

I don't see anything in the Exchange logs so I feel like I am missing something on the ASA.


Any ideas why the Android clients can't sync their mail? 


Thanks in advance.
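The ACL design described in the post, written out as ASA configuration together with the two checks used to confirm which entry the traffic hits (an added example, not the poster's running configuration; the interface nameif dmz, the DMZ subnet 192.168.2.0/24, the client 192.168.2.50 and the public address 203.0.113.10 for mail.company.com are assumed):

```cisco
! Constructed example: DMZ guest network that may reach any destination
! except the inside production subnet. Interface name and addresses assumed.
access-list DMZ_IN extended deny ip any 192.168.1.0 255.255.255.0
access-list DMZ_IN extended permit ip any any
access-group DMZ_IN in interface dmz

! Check 1: per-entry hit counts. Traffic to the public address of
! mail.company.com should increment the permit line only, not the deny line.
show access-list DMZ_IN

! Check 2: trace a DMZ client (assumed 192.168.2.50) to the public address of
! mail.company.com (assumed 203.0.113.10) on TCP/443 and read every phase,
! not just ACCESS-LIST, for an ALLOW result.
packet-tracer input dmz tcp 192.168.2.50 40000 203.0.113.10 443 detailed
```

A rising permit counter only proves the access-list phase; packet-tracer shows whether a later phase such as NAT or routing drops the same flow, which the ACL counters cannot reveal.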

1 Reply

Brett Paulins
Level 1

Solved:

Found this - all is working now.

http://www.packetu.com/2012/09/27/asa-guest-network-with-limited-inside-access/


Thanks,