Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
PIX and Outlook Web Access
- Thread starter oakman
- Start date
Where is the NT box housing OWA? Inside or outside the PIX? I'm assuming inside. If so, I'm guessing the problem is with DNS:
Assume 1.1.1.1 is the public address NAT'dto the OWA and 10.1.1.1 is the inside address bound to its NIC. The user on the outside goes to owa.yoursite.com which resolves to 1.1.1.1 and works just fine. A user inside types in the same, resolves to 1.1.1.1, however the PIX cannot perform local routing to the same subnet (10.x.x.x). In other words, if you're on the same subnet as the internal OWA, you need to specify the inside ip address, not the public address.
On a side note: You'll find that you can access hosts inside with their public ip addresses while also on the inside, so long as you are on a different subnet.
If the users are unable to understand having two bookmarks (one to the inside address, one to the public dns record), then configure a second internal DNS server. Configure your DHCP to point internal users at the internal-only DNS server first and configure it to point owa.yoursite.com at the internal 10.1.1.1 address (this will work well for any other public resources that inside users wish to access).
Assume 1.1.1.1 is the public address NAT'dto the OWA and 10.1.1.1 is the inside address bound to its NIC. The user on the outside goes to owa.yoursite.com which resolves to 1.1.1.1 and works just fine. A user inside types in the same, resolves to 1.1.1.1, however the PIX cannot perform local routing to the same subnet (10.x.x.x). In other words, if you're on the same subnet as the internal OWA, you need to specify the inside ip address, not the public address.
On a side note: You'll find that you can access hosts inside with their public ip addresses while also on the inside, so long as you are on a different subnet.
If the users are unable to understand having two bookmarks (one to the inside address, one to the public dns record), then configure a second internal DNS server. Configure your DHCP to point internal users at the internal-only DNS server first and configure it to point owa.yoursite.com at the internal 10.1.1.1 address (this will work well for any other public resources that inside users wish to access).
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question