Unable to access OWA externally

[doahmont]

Exchange 2007 running on 2008 Server (standard).

Please let me start by saying that I am not super knowledgeable about Exchange or configuring a Cisco router. My situation is this. From inside of our building, I can access OWA by name or IP address (10.1.1.19). Now from what I read, I need to forward HTTPS on my Cisco router to hit the internal IP address of the OWA server. The problem is we house another server that accepts HTTPS requests and the router is currently configured to forward HTTPS requests to that.

From outside, I can ping our OWA server (owa.domainname.org) and it does resolve to one of our public IP address. So, I figured maybe just set the public IP address that the ping resolves to on a second NIC on our Exchange server. Well I did try that and it didn't work (perhaps I'm doing that incorrectly). I'm looking for any help at all here. Please let me know if I need to include any additional details. Thanks in advance!

PS I am told that OWA did work externally at one point before I started here. Not sure why or how it eventually stopped working. There have been some router changes from what I'm told but I'm not sure if that's the issue.

 

[ShackDaddy]

If you already have another internal server using HTTPS, then the next question is this: do you have more than one public IP address? If so, you could forward HTTPS for a different IP to the internal IP of your Exchange server.

Another option, if you only have a single IP, is to start using OWA on an alternate port on the outside. So, for example, you could start using port 444 on the router and forward it to 443 HTTPS on the inside. You would just need to use that in the URL from the outside:

https://webmail.company.com/owa:444

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[doahmont]

Thanks for the reply. Yea, we do actually have multiple public IP's. I will try your first suggestion. I guess I thought we already were doing that, though. But now I see when I ping that public IP from the outside (or inside, actually), I get no reply.

 

[ShackDaddy]

Normally a Cisco firewall would be configured not to respond to pings, so that's not really surprising. If you have multiple IPs, the best thing you can do is add a new DNS record and point your public OWA name to the alternate public IP and access it via 443/SSL and not monkey with alternate ports.

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[doahmont]

Ok so I did manage to get this working. I just wanted to post in case anyone else stumbles across this thread with the same issue. I basically have a range of public IP's xxx.xxx.xxx.98 through xxx.xxx.xxx.107.

The public DNS record for OWA was the .107 address. Even the OWA settings on my Cisco router were configured previously for .107. The problem was that the .107 address didn't actually exist anywhere. There were no actual devices or networks configured with that address. In that block of addresses, I noticed that .100 was configured and setup on the Cisco so I called my ISP and had them switch the public DNS record to .100. I then changed the port forwarding rules on the Cisco and that did it. I can connect to OWA no problem now. The downside is I still cannot connect with my normal mailbox on my iPhone 4s. Something I'm still messing around with. Thanks for the replies.