To allow Activesync connections (between smartphones and an internal Exchange server) thru an ASA, I think about 3 or 4 potential solutions :

1) do a NAT on the Exchange server and allow  activesync TCP connections from any IP to the Exchange server : I tested that and this works, but it is not the most secure solution we can imagine;

2) use a Clienless VPN SSL  ASA configuration : I tried it, but got problems certaintly related to the fact that the Activesync client, installed on my Android/Samsung smartphone, does not seem to be able vto pass properly thru the ASA Portal to reach the Exchange server;

3) use an Anyconnect VPN ASA configuration : I tried it , but did not manage to install or use any of the Samsung Anyconnect client available on Android Market; by the way, I saw, in the Anyconnect VPN Client Admin Guide 2.4, that an ActiveSync MSI is available from CISCO (

anyconnect-wince-ARMv4I-activesync-AnyConnectRelease_Number-k9.msi), but I don't see any details about how it is supposed to be used except that it is for Windows environment only, so, not for an Android phone, but I have Windows Mobile smartphones to integrate too, so, maybe it can help me in this case ;

4) if Clientless nor Anyconnect solutions can't work, it might be better to use the ASA Cut-Through proxy function to get a more secure solution than the first one listed above; but I was not successful either with this cut-through proxy function

Any ideas or examples about how to allow activesync connections thru ASA would be welcomed

thanks in advance