Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Pix 506e config for OWA
- Thread starter hmcgillem
- Start date
OWA uses HTTP (TCP port 80) - ie it looks just like standard web traffic.
You just need a line similar to the following added to your existing access list:
access-list outsidein permit tcp a.b.c.d w.x.y.z eq 80
where a.b.c.d is the internal Exchange server
and w.x.y.z is the client trying to access it
You just need a line similar to the following added to your existing access list:
access-list outsidein permit tcp a.b.c.d w.x.y.z eq 80
where a.b.c.d is the internal Exchange server
and w.x.y.z is the client trying to access it
Supergrrover
IS-IT--Management
If you have OWA with SSL, add port 443 to that.
You will need a static to point to your inside server as well.
static (inside,outside) tcp ExternalIP 80 InternalIP 80 netmask 255.255.255.255
static (inside,outside) tcp ExternalIP 443 InternalIP 443 netmask 255.255.255.255
access-list outside_in permit tcp any ExternalIP eq 443
access-list outside_in permit tcp any ExternalIP eq 80
access-group outside_in in insterface outside
With this you can also setup RPC via HTTPS without any changes to the firewall.
Brent
Systems Engineer / Consultant
CCNP, CCSP
You will need a static to point to your inside server as well.
static (inside,outside) tcp ExternalIP 80 InternalIP 80 netmask 255.255.255.255
static (inside,outside) tcp ExternalIP 443 InternalIP 443 netmask 255.255.255.255
access-list outside_in permit tcp any ExternalIP eq 443
access-list outside_in permit tcp any ExternalIP eq 80
access-group outside_in in insterface outside
With this you can also setup RPC via HTTPS without any changes to the firewall.
Brent
Systems Engineer / Consultant
CCNP, CCSP
- Thread starter
- #4
KiscoKid,
In your post you have stated at the bottom:
"and w.x.y.z is the client trying to access it"
What if that address is everyone? Meaning, when we set up OWA, we want everyone to be able to access it. We have a similar statement in our config that may need to be changed, because our OWA is not working from the outside currently:
"access-list acl_in permit tcp any host 192.168.x.x eq www"
Should we change the 80? and is it that w.x.y.z needs to be the external address associated with that internal address (NAT)? Thanks in advance!
In your post you have stated at the bottom:
"and w.x.y.z is the client trying to access it"
What if that address is everyone? Meaning, when we set up OWA, we want everyone to be able to access it. We have a similar statement in our config that may need to be changed, because our OWA is not working from the outside currently:
"access-list acl_in permit tcp any host 192.168.x.x eq www"
Should we change the 80? and is it that w.x.y.z needs to be the external address associated with that internal address (NAT)? Thanks in advance!
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question