
Configure OWA on Pix

j-foote
Level 1

Having problems connecting to inside when using www or https, but telnet is successful. Below is our config.

Any ideas?

access-list outside_access_in permit tcp any host X.X.X.X eq https

access-list outside_access_in permit tcp any host X.X.X.X eq www

access-list outside_access_in permit tcp any host X.X.X.X eq smtp

access-list outside_access_in permit tcp any host X.X.X.X eq telnet

static (inside,outside) tcp interface smtp X.X.X.X smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp interface telnet X.X.X.X telnet netmask 255.255.255.255 0 0

static (inside,outside) tcp interface https X.X.X.X https netmask 255.255.255.255 0 0

static (inside,outside) tcp interface www X.X.X.X www netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

no fixup protocol smtp 25

5 Replies

nkhawaja
Cisco Employee

Hi,

The above statements seem to be correct. Now we need to see the syslog messages, version information and translation entries for this x.x.x.x PC.

Thanks

Nadeem

jmia
Level 7

Hi,

Can you post syslog messages, do:

logging on

logging buffer debug

sho logging

Thanks - Jay

j-foote
Level 1

In answer to both posts:

Syslog logging: enabled

305011: Built static TCP translation from inside:inside/80 to outside:outside int/80

302013: Built inbound TCP connection 835 for outside:outside host/1288 (outside host/1288) to inside:inside/80 (outside host/80)

VCPX(config)# show xlate

1 in use, 58 most used

PAT Global outside int.(80) Local inside(80)

Cisco PIX Firewall Version 6.3(3)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 13-Aug-03 13:55 by morlee

VCPX up 3 days 0 hours

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 000d.ed52.f232, irq 10

1: ethernet1: address is 000d.ed52.f233, irq 11

2: ethernet2: address is 0002.b3d6.c3f1, irq 11

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 3

Maximum Interfaces: 5

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has a Restricted (R) license

Does OWA work fine internally (from PCs behind the PIX firewall)?

I would recommend disabling the telnet service on your Exchange box. Just test access by telnetting to the Exchange server's smtp port: telnet exchangeboxnamehere smtp

Exchange 5.5 or Exchange 2k?

Exchange 2k. Our problem was that we didn't have a route back to the PIX on our switch. We're testing before placing into production and the PIX is not the default gw right now. Once we added the ws to the route map statement, it worked fine.

Thanks for everyone's input.
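
The statements in the first post, checked mechanically, as an added example that is not from any poster in this thread: a small Python audit that pairs each PIX 6.3 port redirect with a permit on the ACL bound to the mapped interface, and flags the telnet exposure raised in the replies. The addresses 203.0.113.10 and 10.0.0.5, the sample config and the function name `audit` are assumptions made for illustration.

```python
import re

# Constructed sample in PIX 6.3 syntax, modelled on the config in the first post.
# 203.0.113.10 (outside interface) and 10.0.0.5 (inside server) are placeholders.
SAMPLE_CONFIG = """\
access-list outside_access_in permit tcp any host 203.0.113.10 eq https
access-list outside_access_in permit tcp any host 203.0.113.10 eq www
access-list outside_access_in permit tcp any host 203.0.113.10 eq smtp
access-list outside_access_in permit tcp any host 203.0.113.10 eq telnet
static (inside,outside) tcp interface smtp 10.0.0.5 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface telnet 10.0.0.5 telnet netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 10.0.0.5 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 10.0.0.5 www netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

ACL_RE = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)$")
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) tcp interface (\S+) (\S+) (\S+) netmask")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")
CLEARTEXT = {"telnet", "23"}  # assumption: only telnet is flagged as cleartext here


def audit(config, iface_ip):
    """Return (port, status) for every port redirect found in the config."""
    permits, bound, statics = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            permits.setdefault(m.group(1), set()).add((m.group(2), m.group(3)))
        elif m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface name -> ACL name
    findings = []
    for _real_if, mapped_if, gport, _local_ip, _lport in statics:
        acl = bound.get(mapped_if)
        # PIX 6.x matches the inbound ACL against the translated (global) address.
        if acl is None or (iface_ip, gport) not in permits.get(acl, set()):
            status = "blocked: no matching permit"
        elif gport in CLEARTEXT:
            status = "open: cleartext service exposed"
        else:
            status = "open"
        findings.append((gport, status))
    return findings


if __name__ == "__main__":
    for port, status in audit(SAMPLE_CONFIG, "203.0.113.10"):
        print(f"{port:8} {status}")
```

A clean result here only shows that the firewall statements agree with each other; it says nothing about whether the inside server has a route back to the PIX, which was the actual fault in this thread.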
