Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configure OWA on Pix

Having problems connecting to inside when using www or https, but telnet is successful. Below is our config.

Any ideas?

access-list outside_access_in permit tcp any host X.X.X.X eq https

access-list outside_access_in permit tcp any host X.X.X.X eq www

access-list outside_access_in permit tcp any host X.X.X.X eq smtp

access-list outside_access_in permit tcp any host X.X.X.X eq telnet

static (inside,outside) tcp interface smtp X.X.X.X smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp interface telnet X.X.X.X telnet netmask 255.255.255.255 0 0

static (inside,outside) tcp interface https X.X.X.X https netmask 255.255.255.255 0 0

static (inside,outside) tcp interface www X.X.X.X www netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

no fixup protocol smtp 25

5 REPLIES
Cisco Employee

Re: Configure OWA on Pix

Hi,

The above statements seems to be correct. Now we need to see the syslog messages. version information and translation entries for this x.x.x.x pc

Thanks

Nadeem

Gold

Re: Configure OWA on Pix

Hi,

Can you post syslog messages, do:

logging on

logging buffer debug

sho logging

Thanks - Jay

New Member

Re: Configure OWA on Pix

In answer to both posts:

Syslog logging: enabled

305011: Built static TCP translation from inside:inside/80 to outside:outside int/80

302013: Built inbound TCP connection 835 for outside:outside host/1288 (outside host/1288) to inside:inside/80 (outside host/80)

VCPX(config)# show xlate

1 in use, 58 most used

PAT Global outside int.(80) Local inside(80)

Cisco PIX Firewall Version 6.3(3)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 13-Aug-03 13:55 by morlee

VCPX up 3 days 0 hours

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 000d.ed52.f232, irq 10

1: ethernet1: address is 000d.ed52.f233, irq 11

2: ethernet2: address is 0002.b3d6.c3f1, irq 11

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 3

Maximum Interfaces: 5

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has a Restricted (R) license

Silver

Re: Configure OWA on Pix

Does OWA work fine internally (from pc's behind the pix firewall)?

I would recommend disabling the telnet service on your exchange box. Just test access by telneting to the exchange server's smtp port: telnet exchangeboxnamehere smtp

Exchange 5.5 or Exchange 2k?

New Member

Re: Configure OWA on Pix

Exchange 2k, Our problem was that we didn't have a route back to the pix on our switch. We're testing before placing into production and the pix is not the default gw right now. Once we added the ws to the route map statement, it worked fine.

Thanks for everyones input

97
Views
0
Helpful
5
Replies