Establishing NT Trust across a PIX

[spankie]

We're trying to setup an Outlook Web Access server in our DMZ. The OWA server is not able to authenticate users across the PIX. Microsoft says certain ports have to be opened to enable this functionality. We have enabled ALL TCP and UDP ports between the OWA server and the PDC, and ALL TCP and UDP ports between the OWA server and the Exchange server, and it still doesn't work. If I put the OWA server on the local network it works fine. Why, with all ports opened up, will it not work going through the PIX?
I'm clueless....

TIA

 

[yizhar]

HI.

You might have an IP translation problem.
Have you used STATIC like this:
static (inside,dmz) x.x.x.x y.y.y.y
for the internal Exchange server?

You should note that placing the OWA server in DMZ but allowing NETBIOS from it to the internal LAN isn't such a secure desgin.
It is better to use VPN .

I guess you've read already, but anyway look here:

http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=13545

and here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/msexchng.htm

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar