RE: front-end OWA server
From: Skipster (Skipster_at_discussions.microsoft.com)
Date: 01/03/05
- Next message: Ben Winzenz [Exchange MVP]: "Re: Disaster Recovery to alternate server"
- Previous message: matt: "Shared Mailbox"
- In reply to: Vic: "front-end OWA server"
- Next in thread: Vic: "Re: front-end OWA server"
- Reply: Vic: "Re: front-end OWA server"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 3 Jan 2005 13:53:03 -0800
Vic
Is the OWA server part of the same domain as the Exchange server? And from
looking at your diagram I am not sure why you opened up all those ports on
your firewall. Depending on the type of router that you are using you should
be able to go to https://owa/exchange from the LAN subnet and be able to
authenticate. You should not have to route through the firewall to make this
request so the firewall should not be the issue with not being able to
authenticate. When an internal client goes to https://owa/exchange your
router should forward the request to this server, there should be no NATing
going on with this traffic. All the NATing should be happening on your
firewall facing the internet and the internet facing the DMZ interface. It
sounds like you have NAT going on with the DMZ subnet and the local LAN
subnet and this can be your issue when trying to authenticate.
"Vic" wrote:
> This is a good recommendation, but our DMZ is a separate subnet that can
> route to the internal network (DMZ 192.168.100.xxx/Internal 192.168.50.xxx).
> So all devices in the DMZ subnet could use NAT to an external IP address.
> This is why we would like to keep the front-end OWA server on the DMZ.
>
> "Andy David - Exchange MVP" <adavid@pleasekeepinngcheesebucket.com> wrote in
> message news:4eldt0l9cftehbd7v61m41qdf6kpkdje5i@4ax.com...
> > Put OWA back behind the firewall. Use ISA or other similar products in
> > the DMZ and reverse proxy OWA out.
> >
> >
> >
> > On Fri, 31 Dec 2004 09:36:31 -0800, "Vic" <macanas@gmail.nospman.com>
> > wrote:
> >
> > >I have set up a front-end OWA server to allow remote users to read their mail
> > >remotely (obviously). The problem I encountered is as follows; the OWA is on
> > >a DMZ and can be accessed from the internal network. When connecting to the
> > >OWA server from the outside (public ip) I cannot even connect to the site.
> > >
> > >Here is what our network looks like:
> > >
> > > Internet
> > > |
> > >***Router***
> > > |_____DMZ-----OWA Front-End (Using NAT IP 208.xxx.xxx.xxx
> > >ext/192.168.xxx.xxx int)
> > > | Other Web Servers
> > >***Firewall***
> > > |
> > >Internal Network (Win2k3)
> > >1 Exchange2k3 Ent. Server
> > >2 Win2k3 DC's
> > > |
> > > Clients, etc.
> > >
> > >When connecting internally to the OWA using (https://owa/exchange), I can
> > >connect but cannot authenticate to the using any account allowed OWA access.
> > >When I bring the server back out of the DMZ and into the internal network,
> > >authentication works just fine.
> > >
> > >Here is a list of ports that have been opened on the Firewall:
> > > a.. For Exchange Communication:
> > > a.. Port 80 for HTTP
> > > b.. Port 443 for SSL
> > > c.. Port 691 for Link State Algorithm routing protocol
> > > b.. For Active Directory communication:
> > > a.. Port 389 for LDAP (TCP and UDP)
> > > b.. Port 3268 for Global Catalog Server LDAP (TCP)
> > > c.. Port 88 for Kerberos Authentication (TCP and UDP)
> > >Can anyone please help?
> > >
> > >Thanks,
> > >Vic
> > >
> >
>
>
>
>