Need help configuring PIX firewall for OWA in DMZ

hwasin.chong · ‎05-21-2003

I need help on configuring PIX 515E version 6.1(2) to allow Outlook Web Access server (Exchange 5.5 front-end server in DMZ) to access mailbox in Exchange 5.5 back-end server in private network.

I've setup PIX according to Microsoft's requirement as documented in their KB article 155831 - http://support.microsoft.com/default.aspx?scid=kb;en-us;155831. I have tried opening all ports for inbound and outbound but still fail to access to mailbox. Instead I get the error message below..

Error Type:

Active Server Pages, ASP 0113 (0x80004005)

The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeout or by changing the value in the IIS administration tools.

/exchange/USA/LogonFrm.asp

Appreciate any help

Steve M. · ‎05-22-2003

I'm not a Pix guru, but here's some places to look. Can you ping both machines (Exch1 to Exch2 and vice-versa)? When I setup our DMZ with the Pix there are several different entries that had to be configured for everything to work right. I'm using the alias command for going from our DMZ to the inside network and using the nat & static command for going from the DMZ to the outside world.

The script error that you're describing makes me wonder if the two servers aren't able to talk to eachother. If you're having problems with the two servers communicating, drop a line and I can post some example code for the above commands that will hopefully help.

Have a good day,

Tim Clegg

wolfrikk · ‎06-02-2003

It would be helpful to see your config file so we can see any ACL's and see how NAT and static NAT mappings are set up.