Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
339
Views
0
Helpful
1
Replies

Odd behavior of ACL?

Michael Couture
Level 1
Level 1

‎02-29-2012 05:27 AM - edited ‎03-04-2019 03:29 PM

I have a Cisco 2921 on the Edge with an ASA 5505 on the inside. Up until Friday all IPHONEs were able to access email with no problem. All of a sudden they are unable to access the email. If I add an ACL to the outside interface it works again. The part I do not understand is that I can make it any permit statement and it works even though it has nothing to do with port 443.

For example if I added:

ip access-list extended OUTSIDE_ACESS_IN

permit tcp any host 192.168.100.10 eq 3389

and then assign it on the in direction to the outside interface.

The IPHONEs are once again able to retrieve email from the Exchange server even though that access list is pointing remote access to the remote access server. I can make it any access list I want and active sync will work again but the minute I remove the ACL it stops again. The only changes that were made since Friday, is that I enabled Netflow.

Labels:
0 Helpful
1 Reply 1

Michael Couture
Level 1
Level 1

‎02-29-2012 07:13 AM

I figured it out, it had not thing to do with the ACL. I did not notice that when I applied the ACL it shut down the connection. IP Sla was not able to pass its ICMP packets, causing the interface to shut down and bring up the back up interface. The problem was with the way the DNS records were setup. DNS was still trying to send all the active Sync mail traffic to the backup interface, which was the primary until recently.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card