PIX 515 and HTTPS on Exchange

helpsf · ‎11-30-2007

Every few months PIX stops passing outside traffic for HTTPS (443) port for Exchange server OWA ( internally it works just fine). When I look at xlate it shows 0 bytes and flags aB. I change rule to port 4343 and it works. After a few weeks I change back to port 443 and it works. I dont understand why it randomly stops working and then randomly works again. Does anyone had same or similar problem ? Thank you.

ccbootcamp · ‎12-01-2007

what happens when you bounce the box? does it work when it comes back up? how about when you clear xlate? what version of PIXOS are you runnig? can you post your pix config?

-brad

www.ccbootcamp.com

(please rate the post!)

helpsf · ‎12-03-2007

bouncing the box and clear xlate don't do any good.

attached please find PIX config.

Thank you. Yevgeniy

jmia · ‎12-04-2007

Hi Yevyenig,

As a test, can you take out the following...

access-list outside_access_in permit tcp any host 216.31.255.32 eq https

static (inside,outside) 216.31.255.32 10.1.10.46 netmask 255.255.255.255 0 0

And add...

access-list outside_access_in permit tcp any host 216.31.255.32 eq https

static (inside,outside) tcp 216.31.255.32 https 10.1.10.46 https netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

Also for good mesure, can you take out the other port access i.e. 4343 access.

Please issue - wr m and clear xlate after the modifications.

Let me know how it goes,

Jay

helpsf · ‎12-04-2007

Thank you, Jay. I'm going to try it and let you know. yevgeniy