Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
472
Views
0
Helpful
3
Replies

Configuring PIX 515 for Outlook 2003 RPC over HTTP client

mdelgado77@hotmail.com
Level 1
Level 1

‎05-12-2005 08:17 AM - edited ‎02-21-2020 12:08 AM

Hi,

We are trying to configure Windows/Exchange Server 2003 to accept RPC/HTTPS through the PIX 515 firewall. However, I am unable to sucessfully connect my Outlook 2003 client to Exchange via RPC/HTTPS throught the PIX. I have bypassed the PIX and can connect to it with no problem. The Microsoft documentation says all I need to do is forward and open ports 443 and 80.

Does anyone know if the PIX will support this setup ?

I have tried disabling "fixup https" with no luck.

Any info would be appriciated.

Best,

Armand

0 Helpful
3 Replies 3

Patrick Iseli
Level 7
Level 7

‎05-13-2005 09:33 AM

Have done a static and an access-list to permit the access to the Exchange server ?

example:

access-list acl_outside permit tcp any host Exchange-Public-IP eq 443

access-group acl_outside in interface outside

static (inside,outside) Exchange-Public-IP Exchange-Privat-IP netmask 255.255.255.255 0 0

# Note: clear xlate will reset all connections, do not do this during business hours, you could loose some sessions !!

clear xlate

Could you please provide some more details on your setup, interfaces, ports ...

sincerely

Patrick

0 Helpful

mdelgado77@hotmail.com
Level 1
Level 1
In response to Patrick Iseli

‎05-13-2005 10:42 AM

My Setup is two interfaces outside and inside:

OutsideRouter----pix515-----EXCHANGE Server

Yes, I have the commnads you have listed. The static has been in place for a while and I opened port 443. I have webmail running the same server which uses 443 and it works great. The difference is i'm trying to use RPC/HTTP. I'm wondering if the pix see's the RPC packet encapsulated in HTTP and drops it or something. Like the fixup protocol feature.

Any ideas would be appriciated.

Armand

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to mdelgado77@hotmail.com

‎05-13-2005 11:33 AM

The fixup is not the problem, but anyway you can disable it if you do not use an application as WebSense or N2H that need the additional infos from, websites.

As RPC is encapsulated into http or better in https, the PIX does not interact in the application level of that protocols. The PIX let it pass traffic through to the Exchange.

Details about fixup:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html

fixup protocol http

The fixup protocol http command sets the port for Hypertext Transfer Protocol (HTTP) traffic application inspection. The default port for HTTP is 80.

Use the port option to change the default port assignments from 80. Use the port-port option to apply HTTP application inspection to a range of port numbers.

Note The no fixup protocol http command still enables the filter url command.

HTTP inspection performs several functions:

•URL logging of GET messages

•URL screening through N2H2 or Websense

•Java and ActiveX filtering

The latter two features must be configured in conjuction with the filter command.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card