
Outlook Web Access Interfering with PDM

a.ajiboye
Level 1

Hi,

I have PIX 506E with OS 6.3(5). I have only one public IP address which I assigned to PIX Outside Interface. I also NATed this public IP address to the Mail server running Exchange Server 2003.

I discovered I could not access PDM anymore after NATing Mail server internal IP address to the PIX Outside IP address.

What can I do in a case like this where I have only one public IP address that should be used for PIX Outside Interface and Mail server?

See my config below.

name 192.168.16.1 Server

access-list outside_access_in permit tcp any host 217.x.x.237 eq https

access-list outside_access_in permit tcp any host 217.x.x.237 eq smtp

access-list outside_access_in permit tcp any host 217.x.x.237 eq www

ip address outside 217.x.x.237 255.255.255.248

ip address inside 192.168.16.254 255.255.255.0

static (inside,outside) tcp 217.x.x.237 www Server www netmask 255.255.255.255 0 0

static (inside,outside) tcp 217.x.x.237 https Server https netmask 255.255.255.255 0 0

static (inside,outside) tcp 217.x.x.237 smtp Server smtp netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

access-group inside_access_out in interface inside

When I disable PDM with the "no http server enable" command, OWA works. But when I re-enable PDM, OWA stops working.

Any ideas on the reason for this?

Regards.

3 Replies

andrew.prince
Level 10

The PDM listens on port 443 - so if you are forwarding onto an internal web server, the firewall will be unable to listen for PDM connections.

It might be better to configure for PDM connections on the "inside" interface.

HTH.

Thank you for your prompt response.

How do I configure for PDM connections on the "inside" interface?

Regards.

http server enable

http x.x.x.x y.y.y.y inside

x.x.x.x = inside IP subnet

y.y.y.y = subnet mask.

So for example

http 192.168.0.0 255.255.0.0 inside

Now if you have remote VPN configured, you will be able to use PDM from your VPN connection as long as the IP pool for the remote VPN is in 192.168.0.0, for example.

Or you could just open an RDP session to an internal server, then run the PDM from that server.

HTH.
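A small config check for the conflict discussed in this thread, added here as an example and not posted by anyone in the thread: it flags any interface where PDM is enabled and a static PAT also forwards tcp/443 on that interface's own address. The sample config is constructed; it uses a documentation address in place of the masked public IP, and its `http` lines are an assumption because the original post does not show them.

```python
import re

PORTS = {"www": 80, "https": 443, "smtp": 25}  # keywords used in the thread's config
PDM_PORT = 443  # per the reply above, PDM listens on 443

def pdm_conflicts(config):
    """Return interfaces where PDM and a static PAT both claim tcp/443."""
    iface_ip, pdm_ifaces, pat, enabled = {}, set(), set(), False
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip address (\S+) (\S+) \S+$", line):
            iface_ip[m[1]] = m[2]            # interface name -> its own IP
        elif line == "http server enable":
            enabled = True
        elif m := re.match(r"http \S+ \S+ (\S+)$", line):
            pdm_ifaces.add(m[1])             # interface PDM accepts clients on
        elif m := re.match(r"static \(\S+,(\S+)\) tcp (\S+) (\S+) ", line):
            port = PORTS.get(m[3], int(m[3]) if m[3].isdigit() else None)
            pat.add((m[1], m[2], port))      # (global iface, global IP, port)
    if not enabled:
        return []
    return sorted(
        i for i in pdm_ifaces
        if any(g == i and p == PDM_PORT and ip in (iface_ip.get(i), "interface")
               for g, ip, p in pat)
    )

# Constructed sample: the thread's statics with a documentation address,
# plus assumed http lines (the post does not show its http commands).
BEFORE = """\
ip address outside 203.0.113.237 255.255.255.248
ip address inside 192.168.16.254 255.255.255.0
http server enable
http 0.0.0.0 0.0.0.0 outside
static (inside,outside) tcp 203.0.113.237 https Server https netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.237 smtp Server smtp netmask 255.255.255.255 0 0
"""
# Same config with PDM moved to the inside subnet, as the reply suggests.
AFTER = BEFORE.replace("http 0.0.0.0 0.0.0.0 outside",
                       "http 192.168.16.0 255.255.255.0 inside")

if __name__ == "__main__":
    print("before:", pdm_conflicts(BEFORE))
    print("after: ", pdm_conflicts(AFTER))
```
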
