I'm testing my 3005 as a conduit to my Exchange Server 2003. Ext Interface is connected directly to the internet and Int Interface is on my LAN subnet. I have my E2k3 server configured in WebVPN - Servers and URLS as:
When I connect to the 3005 using a browser I authenticate OK and see my Email link in the Websites section. I can click on that link and go through authentication again and at that point my OWA works correctly. The address is similar to:
So far everything is working. The problem I have manifests itself when trying to find an email address from the Global Catalog. I start a new email and press the To: button to bring up the Find Names box. I can see Global Address List listed in the top box. I type in a name in Display Name and press Find and all I get is the hourglass and Searching... The find function will never bring back a name.
Can anyone offer an exlanation of why OWA isn't able to find any names this way? This function does work correctly when I use OWA on the network and when connected through my firewall using port 443. I thought maybe it is because I need to open another port...perhaps LDAP...but reject that because those ports are not open on my firewall and yet when I browse to the E2k3 server via 443 everything works as it should. It seems to me the 3005 is causing the process to fail. Ideas anyone?
I guess it will be advisible to use SVC (SSL VPN client) option to connecto the the SSL VPN concentrator 3005.. Once you are authentication over SVC, you will get an IP address local to the subnet and after that you can access any application on your local network.. you can also use an access-control list and permit/deny any IP/network.. I know webvpn is a good way of accessing, but SVC's are more powerful and easy to use.. You just need to put the SVC software on the concentrator and enable SVC...
with respect to ur problem, is the client referring to any other server or URL when it does a name look up?? As far as the "Servers and URL" page goes, the concentrator will proxy only the requests to the URL given in the tab on the 3005.. other requests it will not permit..
Raj: Thanks very much for the reply. As far as I know the cliente is not referring to any other server or URL. My E2k3 server is a single full functional server--not a front end server. The only thing I can think of is that when I do a "find" on OWA from an outside browser that request is doing an LDAP query of the Global Catalog. My E2k3 server is not a Global Catalog server so perhaps that's the problem. However, in connecting directly to my E2k3 server through my firewall I have nothing open but port 443. If an LDAP query had to pass through in order to do my "find" request it wouldn't be able to through the firewall. The port isn't open. That makes me think it's the 3005 that's the issue.
I don't know what the SVC option is so I'll take a look at that. Thanks.
OK, I got SVC functioning and it's pretty slick. One quick question, though. The certificate that downloads with the SSL client isn't valid anymore. It was good from 6/25/03 to 6/24/05. I only see two certificates in my 3005 under Administration - Certificate Mgmt. There is one for each interface and each is current through 2009. The SSL cert was issued by Thawte and the certs I see are issued by the device itself. How do I update the SSL cert so I don't get the cert errors? TIA.
Forget the certificate error part.. is the SVC connecting and are you able to access the global address book with SVC? I'm sure you can.. right?
DOes your PC have java? if so, these certificate messages will be reduced if you click on the "always" button when the error messages come.. anyway, some of the warning messages cannot be avoided , because it is built onto the protocol.. just keep pressing yes when it pops up..
Hope this helps.. all the best.. rate replies if found useful.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :