OWA on a DMZ Cisco Pix

Subject: OWA on a DMZ Cisco Pix
Posted by: Tim (T…@discussions.microsoft.com)
Date: Mon, 24 Apr 2006

I have an OWA box that I need to place on a DMZ; however, I cannot get it to
talk back to authenticate. I use statics and conduits on my PIX. Here is what
I have for the static

What statics do I need to create, i.e. map a public IP to a DMZ IP for the OWA
box? Then do I need to map a DMZ IP to an internal IP? If so, what internal IP
do I need to use: the Exchange backend server, the domain controller, or just
an internal IP, and it does not matter what it is?

Here is what my conduits currently look like:
conduit permit tcp host 10.1.1.12 eq www any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq 80 any (hitcnt=0)
conduit permit tcp host 10.1.1.12 eq 691 any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq 691 any (hitcnt=0)
conduit permit tcp host 10.1.1.12 eq ldap any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq 389 any (hitcnt=0)
conduit permit tcp host 10.1.1.12 eq 3268 any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq 3268 any (hitcnt=0)
conduit permit tcp host 10.1.1.12 eq 88 any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq 88 any (hitcnt=0)
conduit permit tcp host 10.1.1.12 eq domain any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq domain any (hitcnt=0)
conduit permit tcp host 10.1.1.12 eq 135 any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq 135 any (hitcnt=0)
conduit permit tcp host 10.1.1.12 eq 1024 any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq 1024 any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq www any (hitcnt=0)
conduit permit udp host 10.1.1.13 eq 80 any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq 691 any (hitcnt=0)
conduit permit udp host 10.1.1.13 eq 691 any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq ldap any (hitcnt=0)
conduit permit udp host 10.1.1.13 eq 389 any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq 3268 any (hitcnt=0)
conduit permit udp host 10.1.1.13 eq 3268 any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq 88 any (hitcnt=0)
conduit permit udp host 10.1.1.13 eq 88 any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq domain any (hitcnt=0)
conduit permit udp host 10.1.1.13 eq domain any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq 135 any (hitcnt=0)
conduit permit udp host 10.1.1.13 eq 135 any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq 1024 any (hitcnt=0)
conduit permit udp host 10.1.1.13 eq 1024 any (hitcnt=0)
conduit permit tcp host 10.1.1.12 eq 6129 any (hitcnt=0)
conduit permit udp host 10.1.1.12 eq 6129 any (hitcnt=0)
conduit permit tcp host 10.1.1.13 eq 6129 any (hitcnt=0)

Can someone tell me what I am doing wrong here? The front end will not talk
to the backend, so I am almost positive that I have something going wrong with
my statics and conduits.

The .12 is the frontend server and the .13 is to map it back to an internal
address on the LAN; however, I don't know what that address should be.

Replies