>%ASA-7-710005: UDP request discarded from 192.168.10.3/138 to DMZ:192.168.10.255/138
These are local NetBios broadcasts that are simply being discarded on the ASA's interface because the ASA can't do anything with them.
Simply disable this log message:
no logging message 710005
--------------
From the DMZ, what are you using for DNS resolution to get to the public IP of the OWA server? Is it local or "foreign"?
------------
This is what you're trying to do, sort of....
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtmlMissing something here, I think..
static (LAN,LAN) xx.xx.xx.2 192.168.254.25 netmask 255.255.255.255
static (LAN,WAN) xx.xx.xx.3 192.168.254.3 netmask 255.255.255.255
static (LAN,LAN) xx.xx.xx.3 192.168.254.3 netmask 255.255.255.255
static (LAN,DMZ) xx.xx.xx.3 192.168.254.3 netmask 255.255.255.255
static (LAN,DMZ) xx.xx.xx.2 192.168.254.25 netmask 255.255.255.255
Should be:
static (LAN,LAN) xx.xx.xx.2 192.168.254.25 netmask 255.255.255.255
static (LAN,WAN) xx.xx.xx.2 192.168.254.25 netmask 255.255.255.255 dns <== this line is missing
static (LAN,LAN) xx.xx.xx.3 192.168.254.3 netmask 255.255.255.255
static (LAN,WAN) xx.xx.xx.3 192.168.254.3 netmask 255.255.255.255 dns <== optional DNS keyword
static (LAN,DMZ) xx.xx.xx.3 192.168.254.3 netmask 255.255.255.255
static (LAN,DMZ) xx.xx.xx.2 192.168.254.25 netmask 255.255.255.255
--------------------------
-
>Why would you allow traffic from DMZ to internal LAN? Isn't that defeat the security purpose
Well . . . typically, we don't have any "users" in the DMZ that need to access a server in the inside. Most generally, the DMZ is only for publicly accessible servers, and we may have a need to access those servers from inside users by their DNS/public IP addresses (more due to politics than technicalities).. that is the purpose of the link I posted above.
So, the question back to you is: Why do you have users in the DMZ that need to access this OWA or RDP?
