
ACL to allow OWA

Status
Not open for further replies.

fishchips

IS-IT--Management
Sep 3, 2007
5
GB
Hi.
I am trying to allow OWA to our Exchange server but I'm pretty new at using access lists and am not sure of the config to use.

We have the following setup:

external - router - dmz - router - lan (exchange)

and have access lists on both routers. Our external DNS has an entry for us to use for OWA which resolves to an unused external IP, so I think I need to:

1. tell the external router that incoming traffic on that ip on port 80 is ok to let through
2. tell the external router to send that traffic to the internal router
3. tell the internal router to forward this traffic to the exchange server.
4. tell both routers that the traffic is allowed out again.

Any help with this would be......er.....helpful.

I could put a front end Exchange server in the DMZ I suppose. Thoughts on that appreciated also.

Thanks.
 
Here is what I did.

In the DMZ I built a Gentoo Server Running Apache.
I configured apache as a reverse web proxy.
So all HTTPS (use secure comms) port 443 requests to
x.x.x.x/owa were directed to the Apache server and
made an SSL encrypted connection.
The apache server then goes from my DMZ on port 443 to the internal exchange server making a second secure connection (SSL).

On my firewall I did:
Allow inbound to apache server port 443
Allow dmz->Internal port 443 from serverip to exch.IP.

If you are interested in more info on the proxy setup let me know.

I like Gentoo but any other flavor all you need to do is add some lines to the httpd.conf and lock down the server.

Allowing direct connections from the internet into your internal network is a big mistake. Require SSL encryption for OWA.

My setup is not 100% secure, nothing is. My plan is to slow them down enough for me to realize someone is trying to get in.



Gb0mb

........99.9% User Error........
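The two-hop reverse proxy Gb0mb describes (TLS terminated in the DMZ, a second TLS connection to the internal Exchange server, only the /owa path published), written out as an added Apache 2.4 httpd.conf example. This is not the poster's configuration; the hostnames, certificate paths and module locations are assumptions.

```apache
# Added example, not from the thread. Assumed values: owa.example.com
# (public name from external DNS), exchange.internal.example (internal
# Exchange host), certificate paths under /etc/apache2/ssl/.
Listen 443
LoadModule ssl_module        modules/mod_ssl.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Never act as an open forward proxy; only explicit ProxyPass rules apply.
ProxyRequests Off

# Hide version details from the banner and error pages.
ServerTokens Prod
ServerSignature Off

<VirtualHost *:443>
    ServerName owa.example.com

    # First hop: browser -> DMZ proxy over TLS (the inbound 443 rule).
    SSLEngine On
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    /etc/apache2/ssl/owa.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/owa.example.com.key

    # Second hop: DMZ proxy -> internal Exchange over TLS (the dmz->Internal
    # 443 rule). Verify the backend certificate so the proxy cannot be
    # pointed at an impostor; the CA file path is an assumption.
    SSLProxyEngine On
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/apache2/ssl/internal-ca.crt

    # Lock-down: deny everything on this vhost except the published OWA path.
    <Location />
        Require all denied
    </Location>
    <Location /owa>
        Require all granted
        ProxyPass        https://exchange.internal.example/owa
        ProxyPassReverse https://exchange.internal.example/owa
    </Location>

    # Keep a separate log so proxy traffic can be watched for probing.
    ErrorLog  logs/owa_error.log
    CustomLog logs/owa_access.log combined
</VirtualHost>
```

With no port 80 listener and the catch-all `Require all denied`, any request other than HTTPS to /owa is refused at the proxy and shows up in owa_access.log rather than reaching the LAN.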
 