
PIX 501 Config for MS OWA

jdimack007
Level 1

We have a PIX 501 Firewall and I need to configure it to allow access to users for Outlook Web Access 2000. The OWA works inside the firewall, but I don't get any connectivity from outside. I would like to know what configuration parameters I need to set and/or change. My experience with the PIX 501 is very limited.

Thanks,

John

5 Replies

Hello,

AFAIK, for OWA to work with the Cisco PIX, you need to disable the SMTP command filter on the PIX. I think the command on the PIX is 'no fixup protocol smtp' (not sure about that)...

You also might want to check the following document:

SMTP mail cannot be sent or cannot be received in Exchange Server

http://support.microsoft.com/default.aspx?scid=kb;en-us;895857

Regards,

GP

jmia
Level 7

John,

What you need on the PIX is the following, I have not disabled fixup protocol (Mail guard). The 'no fixup protocol smtp 25' is needed if you are running ESMTP servers on the inside network, to be honest this is more of an issue with MS than Cisco PIX!! - As you can see I'm not a big fan of MS.

Add the following in the PIX (in config mode):

access-list outside_in permit tcp any host eq https

access-group outside_in in interface outside

static (inside,outside) tcp https https netmask 255.255.255.255 0 0

Save with: write mem and also issue: clear xlate

That '' should be a spare internet routable IP address assigned by your ISP. If you only have the one IP address and you're using this on the outside interface of the PIX, then you can do the following:

access-list outside_in permit tcp any host eq https

access-group outside_in in interface outside

static (inside,outside) tcp interface https https netmask 255.255.255.255 0 0

Save with: write mem and also issue: clear xlate

Now for the OWA server: on your OWA server you'll need to create a CA (Certificate Authority). You can either use the server to be the root CA or purchase an SSL certificate from the likes of VeriSign etc. This will make your connection/authentication with the OWA server more secure.

Hope this helps and let me know if you need further help, also you should have posted this on the 'Security/Firewall' area!

Please rate post if it helps as others might be looking for a similar solution.

Jay

Jay,

Do you have a doc that explains the ESMTP issue?

Daniel

Here's the MS Explanation:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320027&gssnb=1

You'll find the Cisco link on the above URL.

Happy Reading.

Jay

Jay,

First, my apologies for not being more timely with a reply.

I did add the commands to the PIX as you instructed. However, 1) I could not test it, (details not pertinent to this discussion) and 2) all incoming e-mail was rejected.

I do not know the specifics of WHY e-mail was rejected, but when I removed the commands I added, all is well. So until I can devote some dedicated time on this, I have put it, the MS OWA capability, on the midway burner. That's somewhere between the front and back burner!

I do appreciate your help and the link to the MS article.

I will add to this when I have it resolved.

Thanks,

John
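A pre-change check relevant to the commands in this thread, added here as an example and not written by anyone in the thread: the PIX binds a single access list per interface and direction, so entering `access-group outside_in in interface outside` replaces whatever list was bound there before. The sketch below reports permit rules that would stop applying after such a change; the ACL name `acl_out`, the 192.0.2.10 placeholder address and both config samples are constructed assumptions.

```python
import re

# Constructed running config (placeholder address; acl_out is a hypothetical name).
RUNNING = """\
access-list acl_out permit tcp any host 192.0.2.10 eq smtp
access-group acl_out in interface outside
"""

# Proposed change in the style of the thread, with a placeholder address filled in.
PROPOSED = """\
access-list outside_in permit tcp any host 192.0.2.10 eq https
access-group outside_in in interface outside
"""

ACL = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$")
GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")

def parse(config):
    """Return ({acl_name: [rule, ...]}, {interface: acl_name}) for a config text."""
    acls, bound = {}, {}
    for line in config.splitlines():
        line = " ".join(line.split())  # normalise whitespace
        if m := ACL.match(line):
            acls.setdefault(m.group(1), []).append(f"{m.group(2)} {m.group(3)}")
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)  # a later binding replaces an earlier one
    return acls, bound

def lost_permits(running, proposed):
    """Permit rules that stop applying on each interface once `proposed` is entered."""
    old_acls, old_bound = parse(running)
    new_acls, new_bound = parse(running + "\n" + proposed)
    lost = {}
    for iface, new_name in new_bound.items():
        old_name = old_bound.get(iface)
        if old_name is None or old_name == new_name:
            continue  # nothing was rebound on this interface
        after = set(new_acls.get(new_name, []))
        gone = [r for r in old_acls.get(old_name, [])
                if r.startswith("permit ") and r not in after]
        if gone:
            lost[iface] = gone
    return lost

if __name__ == "__main__":
    for iface, rules in lost_permits(RUNNING, PROPOSED).items():
        for rule in rules:
            print(f"{iface}: no longer permitted -> {rule}")
```

Any rule it reports has to be re-entered under the new list name before the `access-group` line is applied, if that traffic should keep flowing.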