Cisco Support Community

Single IP 5505 - DMZ clients can't HTTPS to NAT'd Exchange server

I have an ASA 5505 with the base license, which I set up a DMZ interface on for WiFi clients. When I set up the DMZ interface I had to add the deny access to the inside VLAN. The DMZ works fine with WiFi on it, but users' iPhones can't get email unless they turn WiFi off.

I can see a log entry stating that the connection was "denied by ACL from <dmz ip>/49689 to dmz:<external ip>/443"

Is there a simple way to allow HTTPS traffic through the DMZ interface to our internal Exchange server which is NAT'd on the 5505's external IP?

3 REPLIES

Single IP 5505 - DMZ clients can't HTTPS to NAT'd Exchange serve

You're going to need a security image for the 5505 in order to be able to forward traffic to both the inside and outside interfaces from the dmz. The reason that it works by turning wifi off is because it has to go through the provider at that point and your users are hitting your outside interface. Currently, with the base image, you can only forward traffic to one interface or the other but not both.

John

HTH, John *** Please rate all useful posts ***

Single IP 5505 - DMZ clients can't HTTPS to NAT'd Exchange serve

Thanks John, what's the best way to upgrade?  Do I need to reimage or just add a license key?

Re: Single IP 5505 - DMZ clients can't HTTPS to NAT'd Exchange s

You'll need to get a license key I believe. I've only ordered them with the security license, so you could ask Cisco the best way to go about it.

Please rate if useful...

HTH, John *** Please rate all useful posts ***