11-26-2009 01:09 AM - edited 03-11-2019 09:42 AM
Hi to all,
I have a Cisco ASA 5510 & a MS Exchange 2003. I enabled OWA & access it thru https://sample.com/owa using different Internet connection.
I can access it locally thru https://192.168.1.1/owa. My question is, is it possible to use the https://sample.com/owa instead of https://192.168.1.1/owa in the INSIDE interface? How will I do it? What commands will I add to my configuration? Thanks...
Regards,
Raymond
11-26-2009 10:28 AM
I assume that your Exchange is nat'ed using static translation. It should work in the way you want if:
1. You enable inspection of dns queries (using "inspect dns" in global_policy)
2. DNS server for sample.com domain is located on outside interface (so the DNS answer for "sample.com" query has a chance to be translated to 192.168.1.1).
Post your config so I can tell you what to change.
Best regards
mirek
11-26-2009 10:51 AM
Or you can do;
# for outside
static (dmz, outside)
# for internal
static (dmz, inside)
Which will translate for you.
11-26-2009 11:17 PM
Thanks for your reply.
Below is my current configuration.
access-list 101 extended permit tcp any host 20x.x.x.164 eq https
access-list 101 extended permit tcp any host 20x.x.x.164 eq smtp
access-list 101 extended permit icmp any host 20x.x.x.164
access-group 101 in interface outside
static (inside,outside) 20x.x.x.x 192.168.1.4 netmask 255.255.255.255
Email Server: 192.168.1.4
Public IP of Email Server: 20x.x.x.164
Internet--->ASA5505---->Switch----->PC/Email Server
I've already tried changing the NAT configuration (pls see below)
from "static (inside,outside) 20x.x.x.x 192.168.1.4 netmask 255.255.255.255"
to this "static (inside,outside) 20x.x.x.x 192.168.1.4 netmask 255.255.255.255 dns"
But still no luck.
I tried the ASDM Packet tracer & the result is packets are dropped when I use https://sample.com/owa instead of https://192.168.1.4/owa on the INSIDE interface.
Best Regards,
Raymond
11-29-2009 09:31 AM
Make sure that the IIS server is not bound to the Internal IP only. I had a similar issue and changed it to be bound to all IPs.
You should try to do a capture with the ASDM capture wizard and see what is going on. Make sure that you are coming in from the outside when trying to hit the site as well.