Having a problem with internal users accessing an external web address

techfactor13 · ‎11-14-2012

Kind of have a two fold question,

we recently upgraded from an RVS4000 router which didn't have this issue.

current setup,

a server 2008 r2 domain, AD/DNS, exchange 2010, two sites connected with an IPSec point to point VPN with two 1941w series cisco routers.

SiteA > exchange 2010, AD/DNS, two DCs,

SiteB > RODC (AD/DNS)

the problem;

Internal users from SiteA cannot access the external owa address.

From SiteA i can successfully ping both the external/internal IP addresses/names and they resolve correctly, including pinging the address ('mail.company.com") resolves correctly to the external ip address. but the ('mail.company.com/owa") page will not load in any browser window for any user in SiteA, however SiteB users can access the webpage correctly.

i can add a DNS entry (primary zone) to resolve the owa site internally at SiteA, but then SiteB cannot access the owa site.

the second part is i'm kinda new to cisco ios and was wondering if someone could look over my configs to see if there are any possible issues.

i have some cleaned configs i can post if someone could help, thanks

ALIAOF_ · ‎11-19-2012

Is site B accessing OWA via external IP too? Since you have a site to site VPN at both location, make sure that you can ping the exchange server from Site A and Site B (i.e the internal IP address of the exchange server). Then add the DNS entry to the primary zone so that both sites can resolve like (mail.yourcompany.com = 192.168.1.10) etc. Lets get this going first and then check out the Cisco Configs.

Make sure you use the enable secret instead of enable password. As enable password can easily be decrypted. It is a good idea to have an ACL to access the router, disable telnet, allow only SSH v2 access to the router etc are some best practice things to do.