
Accessing OWA on ISA through PIX 515

ddunk0077
Level 1

Hi

Having a problem trying to access Outlook Web Access through an ISA server. On the firewall I have this configured:

access-list outside_access_in permit tcp any host 12.30.111.204 eq smtp

access-list outside_access_in permit tcp any host 12.30.111.204 eq www

then the static one to one:

static (inside,outside) 12.30.111.204 192.168.1.74 netmask 255.255.255.255 0 0

Is there more needed to allow the PIX to pass the traffic?

Thanks...

3 Replies

ehirsel
Level 6

Here is an MS KB article detailing OWA, Exchange, and firewall ports and other config info.

http://support.microsoft.com/default.aspx?scid=kb;en-us;259240

You need to open port 135 and maybe allow udp to flow thru as well.

Are the clients coming in from parts of your network only, or can they connect from anywhere? If anywhere, then you want to look at the VPN client solution to protect the traffic.

I would also do searches on MS or Cisco's site relating to OWA, in particular key in on UDP/RPC and see if any other ports may need to be opened.

assad2000
Level 1

Hi:

The only ports that should be opened in order for Internet Explorer to access the OWA server are 80 and 443. The SMTP port also should be opened to send and receive emails, but it will not be used by OWA.

You should never open port 135 (RPC) of any server to the public. I think the MS article that ehirsel is referring to is how to configure a firewall that is located between the OWA server and another Exchange server, which is not your case.

regards;
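
An added example, not part of the thread: a Python check of the PIX `access-list` lines from the original post against the port guidance in the reply above (80 and 443 for OWA, 135 never public). The `audit` function, the port-keyword table and the second, constructed config are assumptions made for illustration.

```python
import re

PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}  # PIX port keywords
OWA_PORTS = {80, 443}   # per the reply above: all a browser needs for OWA
NEVER_PUBLIC = {135}    # RPC endpoint mapper

ACL_RE = re.compile(
    r"^access-list\s+\S+\s+permit\s+(?P<proto>tcp|udp)\s+any\s+"
    r"host\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?:eq\s+(?P<eq>\S+)|range\s+(?P<lo>\S+)\s+(?P<hi>\S+))$"
)

def _port(token):
    return PORT_NAMES.get(token) or int(token)  # ValueError on unknown keyword

def audit(config, host):
    """Return (open_ports, findings) for 'permit <proto> any host <host>' lines."""
    open_ports = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m["dst"] != host:
            continue
        try:
            lo = _port(m["eq"] or m["lo"])
            hi = _port(m["eq"] or m["hi"])
        except ValueError:
            continue  # port keyword not in PORT_NAMES: skipped, not guessed
        open_ports.update((m["proto"], p) for p in range(lo, hi + 1))
    findings = [f"{proto}/{p} open to any: close it"
                for proto, p in sorted(open_ports) if p in NEVER_PUBLIC]
    tcp = {p for proto, p in open_ports if proto == "tcp"}
    findings += [f"tcp/{p} not permitted inbound" for p in sorted(OWA_PORTS - tcp)]
    return open_ports, findings

# The two ACL lines from the original post.
PAGE_CONFIG = """\
access-list outside_access_in permit tcp any host 12.30.111.204 eq smtp
access-list outside_access_in permit tcp any host 12.30.111.204 eq www
"""
# Constructed line, for illustration only: what opening RPC would look like.
CONSTRUCTED = PAGE_CONFIG + (
    "access-list outside_access_in permit tcp any host 12.30.111.204 eq 135\n")

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("constructed", CONSTRUCTED)):
        ports, findings = audit(cfg, "12.30.111.204")
        print(label, sorted(ports), findings)
```

Run against the posted config, the check reports that tcp/443 is not permitted to 12.30.111.204, so only plain HTTP on port 80 would reach the ISA server.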

ehirsel
Level 6

Yes, I did make a mistake on my prior posting.

Are the users who are wanting to access OWA needing to be authenticated to the firewall before accessing the OWA server? If so, then the PIX needs to be enabled for proxy authentication, and the PIX will need to see the ISA server as a RADIUS or TACACS+ (AAA) server.

This link is the PIX 6.3 command ref doc:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1111727

Look at the aaa authentication command for more detail. Let me know if this helps.
