Outlook Web Access Interfering with PDM

Aug 27th, 2008
Hi,


I have a PIX 506E with OS 6.3(5). I have only one public IP address, which I assigned to the PIX outside interface. I also NATed this public IP address to the mail server running Exchange Server 2003.


I discovered I could not access PDM anymore after NATing Mail server internal IP address to the PIX Outside IP address.


What can I do in a case like this where I have only one public IP address that should be used for PIX Outside Interface and Mail server?


See my config below.


name 192.168.16.1 Server


access-list outside_access_in permit tcp any host 217.x.x.237 eq https

access-list outside_access_in permit tcp any host 217.x.x.237 eq smtp

access-list outside_access_in permit tcp any host 217.x.x.237 eq www


ip address outside 217.x.x.237 255.255.255.248

ip address inside 192.168.16.254 255.255.255.0


static (inside,outside) tcp 217.x.x.237 www Server www netmask 255.255.255.255 0 0

static (inside,outside) tcp 217.x.x.237 https Server https netmask 255.255.255.255 0 0

static (inside,outside) tcp 217.x.x.237 smtp Server smtp netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

access-group inside_access_out in interface inside


When I disable PDM with the "no http server enable" command, OWA works. But when I re-enable PDM, OWA stops working.


Any ideas on the reason for this?


Regards.

andrew.prince@m... Wed, 08/27/2008 - 01:54

The PDM listens on port 443 - so if you are forwarding onto an internal web server, the firewall will be unable to listen for PDM connections.


It might be better to configure for PDM connections on the "inside" interface.


HTH.



a.ajiboye Wed, 08/27/2008 - 04:59

Thank you for your prompt response.


How do I configure for PDM connections on the "inside" interface?


Regards.

andrew.prince@m... Wed, 08/27/2008 - 05:09

http server enable

http x.x.x.x y.y.y.y inside


x.x.x.x = inside IP subnet

y.y.y.y = subnet mask.


So for example


http 192.168.0.0 255.255.0.0 inside



Now if you have remote VPN configured - you will be able to run PDM from your VPN connection as long as the IP pool for the remote VPN is in the 192.168.0.0 range - for example.


Or you could just open an RDP session to an internal server, then run the PDM from that server.


HTH.
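
The port conflict discussed in this thread can be checked for mechanically. The following is an added example, not part of the original posts: a small audit that flags any interface where PDM access is allowed while a static PAT on that interface's own address also forwards TCP 443. The sample config is constructed from the lines in the question, and its two `http <net> <mask> <interface>` lines are assumptions, since the poster's own `http` statements are not shown.

```python
import re

# Constructed sample: static PAT lines from the question, plus ASSUMED
# "http" management lines (the post does not show its own http statements).
SAMPLE_CONFIG = """\
name 192.168.16.1 Server
ip address outside 217.x.x.237 255.255.255.248
ip address inside 192.168.16.254 255.255.255.0
static (inside,outside) tcp 217.x.x.237 www Server www netmask 255.255.255.255 0 0
static (inside,outside) tcp 217.x.x.237 https Server https netmask 255.255.255.255 0 0
static (inside,outside) tcp 217.x.x.237 smtp Server smtp netmask 255.255.255.255 0 0
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.16.0 255.255.255.0 inside
"""

PDM_PORTS = {"https", "443"}  # PDM is served over HTTPS by the firewall itself


def pdm_conflicts(config):
    """Return interfaces where PDM access and a static PAT both claim TCP 443."""
    iface_ip = {}        # interface name -> the firewall's own IP on it
    forwarded = set()    # (interface, global address) with port 443 forwarded
    mgmt_ifaces = set()  # interfaces named in "http <net> <mask> <if>" lines
    server_on = False
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) >= 4:
            iface_ip[tok[2]] = tok[3]
        elif tok[:1] == ["static"] and len(tok) >= 5 and tok[2] == "tcp":
            m = re.fullmatch(r"\((\w+),(\w+)\)", tok[1])
            if m and tok[4] in PDM_PORTS:
                forwarded.add((m.group(2), tok[3]))
        elif tok == ["http", "server", "enable"]:
            server_on = True
        elif tok[:1] == ["http"] and len(tok) == 4:
            mgmt_ifaces.add(tok[3])
    if not server_on:
        return []
    # A conflict needs the forward to use the interface's own address,
    # written either literally or with the "interface" keyword.
    return sorted(i for i in mgmt_ifaces
                  if (i, iface_ip.get(i)) in forwarded
                  or (i, "interface") in forwarded)


if __name__ == "__main__":
    print(pdm_conflicts(SAMPLE_CONFIG))
```

With the `outside` management line removed, leaving PDM reachable only from the inside subnet as suggested above, the check returns no conflicts.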
