Question : Problem: Need to allow OWA access to new Exchange Server via Cisco PIX 515
I've installed a new Exchange 2003 server as a second server in the Exchange Admin Group. I want to enable an external address to point to this new Exchange server to test Outlook Web Access. Our current Exchange Server (2000) is working just fine with Outlook Web Access.
I ran the following commands on my PIX firewall:

    access-list outside permit tcp any host eq www
    access-list outside permit tcp any host eq smtp
    access-list outside permit tcp any host eq https
    access-list outside permit tcp any host eq pop3
    static (inside,outside) netmask 255.255.255.255 0 0
    wr mem

This does not seem to work. Is there another command that I need to run?
Answer : Problem: Need to allow OWA access to new Exchange Server via Cisco PIX 515
Hi lwrogers, I'll also agree on everything looking good on your rules. Take a look at your log:

    show logg

See any denies for xlate?
Or you can create a quick capture to see what's happening. In config mode:

    access-list capture-new-owa permit ip any
    access-list capture-new-owa permit ip any

In enable mode:

    capture owa access-list capture-new-owa buffer 2048 interface outside circular-buffer

Then to view it:

    show capture owa

You'll see something like this if it's working:

    16:49:34.740440 . > .80: . ack 332312852 win 16137
    16:50:25.926236 . > .80: P 40969420:40969428(8) ack 332312852 win 16137
    16:50:26.040326 .80 > .: P 332312852:332312854(2) ack 40969428 win 25460

Notice the two-way communication (it'll go on and on in the list). This is an advanced way of troubleshooting the problem. Use a quick check to see if you have a translation problem or the wrong port allowed. Use the capture for more advanced problems when you need to validate that traffic is indeed leaving your network and you need to tell the remote end to check their setup instead.
-skpruett
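
The two-way check described in the answer above can be automated over saved `show capture owa` output. This is an added example, not part of the original post: the addresses in the sample are constructed documentation-range placeholders, and the function name and the port list (www, https, smtp, pop3 from the question's access-list) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump-like format that "show capture" prints;
# addresses are documentation-range placeholders, not values from the post.
SAMPLE = """\
16:49:34.740440 198.51.100.7.3312 > 203.0.113.25.80: S 40969419:40969419(0) win 16384
16:49:34.741002 203.0.113.25.80 > 198.51.100.7.3312: S 332312851:332312851(0) ack 40969420 win 25460
16:49:34.742110 198.51.100.7.3312 > 203.0.113.25.80: . ack 332312852 win 16137
16:50:25.926236 198.51.100.7.3312 > 203.0.113.25.80: P 40969420:40969428(8) ack 332312852 win 16137
16:50:26.040326 203.0.113.25.80 > 198.51.100.7.3312: P 332312852:332312854(2) ack 40969428 win 25460
16:51:02.100000 198.51.100.9.4100 > 203.0.113.26.443: S 777:777(0) win 16384
16:51:05.100000 198.51.100.9.4100 > 203.0.113.26.443: S 777:777(0) win 16384
"""

# timestamp, then src "a.b.c.d.port" > dst "a.b.c.d.port:"
LINE = re.compile(
    r"^\S+\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+(\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def classify_flows(capture_text, server_ports=(80, 443, 25, 110)):
    """Return {(client, server, port): 'two-way' | 'no-reply' | 'reply-only'}."""
    seen = defaultdict(lambda: {"to_server": 0, "from_server": 0})
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip non-packet lines such as "N packets captured"
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if dport in server_ports:
            seen[(src, dst, dport)]["to_server"] += 1
        elif sport in server_ports:
            seen[(dst, src, sport)]["from_server"] += 1
    result = {}
    for flow, n in seen.items():
        if n["to_server"] and n["from_server"]:
            result[flow] = "two-way"      # requests and replies both captured
        elif n["to_server"]:
            result[flow] = "no-reply"     # e.g. retransmitted SYNs, nothing back
        else:
            result[flow] = "reply-only"   # capture started mid-conversation
    return result

if __name__ == "__main__":
    for (client, server, port), state in classify_flows(SAMPLE).items():
        print(f"{client} -> {server}:{port}  {state}")
```

Flows reported as `no-reply` are the ones to compare against the log for xlate denies.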