Have to access MS CAS-client server for remote mail access.
Natted the CAS from DMZ: 172.30.1.32 to 172.26.1.32. Same for the mail server on the inside.
From the routers, I can ping both servers' natted addresses (172.26.1.32 & 102).
Connected to the outside of the FW, in the switchport of the ADSL; can ping servers from a PC on port 443. But it doesn't load in the browser.
Note that both the anti-X & IPS modules are off.
Below is the relevant part of the config and most of the topo. In a few recent postings, I noticed comments about ports 80 & 443 playing funny from one zone to the other. Despite doing a 1-to-1 NAT, I wonder if static policy NAT can get the users to connect from home.
ip address 172.26.1.2 255.255.255.0
ip address 172.28.1.1 255.255.255.0
ip address 172.30.1.25 255.255.255.0
access-list outside extended permit tcp any host 172.26.1.32 eq https
access-list outside extended permit ip any any
access-list outside extended permit ip any host 172.26.1.32
static (inside,outside) 172.26.1.102 10.50.1.102 netmask 255.255.255.255
static (dmz,outside) 172.26.1.32 172.30.1.32 netmask 255.255.255.255
access-group outside in interface outside
access-group inside in interface inside
access-group dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 172.26.1.1
So are you saying that when you connect to the outside of the firewall you can actually telnet X.X.X.X 443, where X.X.X.X is the public IP address of the server(s), and receive a scrambled web page after typing the GET command, correct? If that is the case, then I am assuming that you have already tested the web browser with the IP address instead of the hostname (just to rule out name resolution issues), correct? I am also assuming that the servers know how to route back to the Internet, correct? Then I suggest trying to disable HTTP inspection on the firewalls and testing it again.
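An added example, not part of the original thread: a staged probe that reports whether a connection to the published address stops at TCP connect, at the TLS handshake, or at the HTTP reply, which is the distinction the telnet test in the reply is after. The function name `probe_https` and the command-line usage are assumptions made for illustration; certificate verification is disabled because the probe checks the path through the firewall, not certificate trust.

```python
import socket
import ssl
import sys


def probe_https(host, port=443, server_name=None, timeout=5.0):
    """Return (stage, detail): the first stage that failed, or ("ok", status line)."""
    # Stage 1: TCP. Fails if the ACL, NAT or return route drops the connection.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))

    # Stage 2: TLS handshake. Verification is off on purpose: this checks the
    # path through the firewall, not whether the certificate is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        tls = ctx.wrap_socket(raw, server_hostname=server_name)
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        raw.close()
        return ("tls", str(exc))

    # Stage 3: HTTP over the established TLS session.
    name = (server_name or host).encode("ascii")
    request = b"GET / HTTP/1.1\r\nHost: " + name + b"\r\nConnection: close\r\n\r\n"
    try:
        with tls:
            tls.sendall(request)
            reply = tls.recv(4096)
    except OSError as exc:
        return ("http", str(exc))
    if not reply.startswith(b"HTTP/"):
        return ("http", "no HTTP status line in reply")
    return ("ok", reply.split(b"\r\n", 1)[0].decode("ascii", "replace"))


if __name__ == "__main__":
    # Usage: probe.py <address> [hostname]; run once by IP and once by name.
    target = sys.argv[1]
    sni = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe_https(target, server_name=sni))
```

A result of `tcp` points at the ACL, NAT or return routing; `tls` or `http` with a working TCP stage points at something between the client and the server altering or dropping the session after the connection is established.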