how to configure ASA to allow activesync connections ?
To allow Activesync connections (between smartphones and an internal Exchange server) thru an ASA, I think about 3 or 4 potential solutions :
1) do a NAT on the Exchange server and allow activesync TCP connections from any IP to the Exchange server : I tested that and this works, but it is not the most secure solution we can imagine;
2) use a Clienless VPN SSL ASA configuration : I tried it, but got problems certaintly related to the fact that the Activesync client, installed on my Android/Samsung smartphone, does not seem to be able vto pass properly thru the ASA Portal to reach the Exchange server;
3) use an Anyconnect VPN ASA configuration : I tried it , but did not manage to install or use any of the Samsung Anyconnect client available on Android Market; by the way, I saw, in the Anyconnect VPN Client Admin Guide 2.4, that an ActiveSync MSI is available from CISCO (
anyconnect-wince-ARMv4I-activesync-AnyConnectRelease_Number-k9.msi), but I don't see any details about how it is supposed to be used except that it is for Windows environment only, so, not for an Android phone, but I have Windows Mobile smartphones to integrate too, so, maybe it can help me in this case ;
4) if Clientless nor Anyconnect solutions can't work, it might be better to use the ASA Cut-Through proxy function to get a more secure solution than the first one listed above; but I was not successful either with this cut-through proxy function
Any ideas or examples about how to allow activesync connections thru ASA would be welcomed
Threat Response integrates with Cisco's Web Security Appliance (WSA) to provide visibility into web-bourne threats. By adding a Web Security or SMA Web module to Threat Response, investigators will be able to search for domains, URLs, and file hashes th...
I was helping some friends and they were trying to solve a scalable VPN issues, specially these days with the pandemic situation.
I recommended to implement ASA VPN Load-Balancing.
This will allow to keep 1 FQDN for all RA-VPN users an...
Purpose of this article is to share our experience during that Covid-19 period where we were able to successfully setup a VPN configuration for remote worker using Alcatel 8068S phones with FTD 2110 running 220.127.116.11.I would like to thank all of my colleagu...
For additional advanced ISE related Tips, please visit Advanced ISE tips to make your deployment easier document
Downloadable URL-Redirect ACL with ISE
If you have ever configured central web authentication with ISE you understand that it requires...
Cisco Defense Orchestrator (CDO) is a cloud-based multi-device manager that can manage security products like the Adaptive Security Appliance (ASA), the Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.&nb...