PIX and DMZ and OWA

[lech]

Hi all

I have recently installed a PIX515 - all works fine BUT our OWA box in the DMZ cannot be accessed from the inside network using it's public registered domain name. There are no problems accessing OWA from outside by its owa.domain name via a static but inside the pix will not route traffic for the owa.domain address to the dmz.
This used to work fine with the old guardian firewall.
Any ideas??

 

[yizhar]

HI!

What version of PIX?
Can you post here the config, or atleast a partial one?

You can try to access the web server using its FQDN and not IP.
PIX has a feature to change DNS responses from registered to private IP addresses. Look here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/commands.htm#xtocid35846

If you have an internal DNS server, you can tweak it there instead.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[lech]

Thanks Yizhar

I tried the alias command which altered the DNS response OK but for some reason would stop communication to the OWA server. All our users use a proxy so I added a hosts file pointing to the DMZ address for OWA on the Proxy and all works looovely now.

Thanks for ur help

 

[ianbla]

I am currently doing the same as what you have done.

Is your OWA in the DMZ a front-end with a back-end on the private inside network? IF so are they on different subnets?