I have a Cisco 2921 on the edge with an ASA 5505 on the inside. Up until Friday, all iPhones were able to access email with no problem. All of a sudden, they are unable to access the email. If I add an ACL to the outside interface, it works again. The part I do not understand is that I can make it any permit statement and it works, even though it has nothing to do with port 443.
For example, if I added:
ip access-list extended OUTSIDE_ACESS_IN
permit tcp any host 192.168.100.10 eq 3389
and then assigned it in the in direction to the outside interface.
The iPhones are once again able to retrieve email from the Exchange server, even though that access list is pointing remote access to the remote access server. I can make it any access list I want and ActiveSync will work again, but the minute I remove the ACL it stops again. The only change that was made since Friday is that I enabled NetFlow.