On our internal domain we have Exchange 2010 that I have been setting up. It seems to all be working except the iPhones/POP3/IMAP. They will not set up on the local network. So as not to conflict with our current email, my boss made me create a mail2.exampledomain.com (A record) and I routed this to the external IP address that is assigned to Exchange.

We have an ASA5505, so I did the NAT and firewall rules to allow the traffic and direct it all to our Exchange server.

If I'm outside of our domain I can set up POP3/IMAP/iPhone 4 and it works fine, but the moment I connect to our domain it no longer works.

Has anyone else had this issue? POP3/IMAP will be set up on people's phones that do not support Exchange.
I can ping the DNS name and it routes to the correct external IP address. I see that the ping is being blocked by the ASA (as it is set up to do), so it is hitting the network correctly.

Thank you!

Lbaker101

1 Answer

The Cisco ASA doesn't do NAT hairpinning by default so access to internal resources using an external address does not work properly. You've got a couple of options. The absolute easiest option is to create a DNS record on your internal DNS servers pointing the name to the internal IP address. That's what I do 100% of the time.

Other options include enabling NAT hairpinning on the ASA through a static command or doing DNS rewriting. You can find information about those options here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Jason Berg
  • Yeah, I always recommend the internal A record too, it's by far the simplest thing to do. – Ben Pilbrow Aug 05 '11 at 21:02
  • Right now we have 2 domain controllers/DNS servers (failover). Do you know where I would add the internal DNS entry? I'm assuming I would route it to the Exchange server's IP address? Our DHCP server assigns DC1 and DC2 for DNS. – Lbaker101 Aug 05 '11 at 21:13
  • Pick either DNS server. Add a new DNS zone for mail2.exampledomain.com and set it to replicate to all DCs in the domain. Create an A record in the zone leaving the name blank and using the internal IP address of the Exchange server. – Jason Berg Aug 05 '11 at 21:16
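The split-DNS fix recommended in the answer and spelled out in the last comment (a new zone named after the host, replicated to all DCs, with a blank-name A record holding the internal address), written out as an added example. This is not code from the thread; it assumes the DnsServer PowerShell module (Windows Server 2012 or later, run elevated on a DC holding the DNS role), and the IP addresses, TTL and the public resolver used for comparison are placeholders, not values from the post.

```powershell
# Added example (not from the original post): internal DNS zone so that
# mail2.exampledomain.com resolves to the Exchange server's LAN address
# inside the network, sidestepping the ASA's missing NAT hairpin.
# Run on a domain controller with the DNS role, in an elevated session.

$zoneName   = 'mail2.exampledomain.com'   # the name staff type into their mail clients
$internalIp = '192.168.10.25'             # PLACEHOLDER: Exchange server's internal address
$externalIp = '203.0.113.10'              # PLACEHOLDER: the NAT'd public address on the ASA
$publicDns  = '8.8.8.8'                   # PLACEHOLDER: any resolver outside the LAN

# 1. AD-integrated zone for just this host name, replicated to every DC in the
#    domain so DC1 and DC2 (handed out by DHCP) give identical answers.
if (-not (Get-DnsServerZone -Name $zoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zoneName -ReplicationScope Domain
}

# 2. Blank-name (apex) A record: '@' is the zone root, so the full name
#    mail2.exampledomain.com itself resolves to the internal address.
Add-DnsServerResourceRecordA -ZoneName $zoneName -Name '@' `
    -IPv4Address $internalIp -TimeToLive 00:05:00

# 3. Check: inside the LAN the name must now resolve to the private address,
#    while a public resolver still returns the NAT address for outside users.
$inside  = (Resolve-DnsName -Name $zoneName -Type A -Server '127.0.0.1').IPAddress
$outside = (Resolve-DnsName -Name $zoneName -Type A -Server $publicDns).IPAddress
"inside  -> $inside  (expected $internalIp)"
"outside -> $outside  (expected $externalIp)"

# 4. Check the ports the phones actually use, now going straight to the
#    internal address: 993 = IMAPS, 995 = POP3S, 443 = ActiveSync/OWA.
foreach ($port in 993, 995, 443) {
    $ok = (Test-NetConnection -ComputerName $zoneName -Port $port).TcpTestSucceeded
    '{0}:{1} reachable = {2}' -f $zoneName, $port, $ok
}
```

Because the zone is AD-integrated, it only needs to be created on one DC; wait for replication and repeat step 3 against the second DC (`-Server DC2`) before changing any phone settings. The zone holds nothing but the apex record, so names below mail2.exampledomain.com (if any are ever needed) would have to be added separately. The client-facing host name is unchanged, so the TLS certificate on the Exchange server keeps matching whether the phone is inside or outside. On Windows Server 2008 R2 DNS, which predates the DnsServer module, the older `dnscmd /ZoneAdd` and `dnscmd /RecordAdd` commands do the same two steps.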