Re: OT: Outlook for Web Via 1605 Firewall

From: Muhammed Omar (muhammed_omar@xxxxxxxxxxx)
Date: Sun Aug 12 2001 - 04:36:36 GMT-3


   
Hi guys

I removed the ACL and still can't get past the Outlook for Web Access
browser page. So it seems that it is a Win2K/Exchange 5.5 issue. Someone said
that something else had to be turned on in Win2K/Exchange but he can't
recall what he did to make it work at his site. Any ideas please?

----- Original Message -----
From: Andrew Lennon <alennon_uk@yahoo.com>
To: 'Jay Hennigan' <jay@west.net>; 'Muhammed Omar'
<muhammed_omar@hotmail.com>
Cc: 'Ccielab@Groupstudy. Com' <ccielab@groupstudy.com>
Sent: Sunday, August 12, 2001 2:10 AM
Subject: RE: OT: Outlook for Web Via 1605 Firewall

> Muhammed,
>
> As a first step, you may want to try removing the access list to be sure
> that is not causing the problem. Hopefully you can then diagnose further
> from there. I have a router running with NAT and IPSec, but without the
> FW which works fine with OWA.
>
> Andy
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Jay Hennigan
> Sent: 12 August 2001 00:12
> To: Muhammed Omar
> Cc: Ccielab@Groupstudy. Com
> Subject: Re: OT: Outlook for Web Via 1605 Firewall
>
> On Sat, 11 Aug 2001, Muhammed Omar wrote:
>
> > Hi guys
> >
> > I've set up a 1605 as a firewall (as below) to allow browsing, email &
> > also for remote users MS Outlook for Web Access. The problem is using a
> > browser users can't logon to Exchange 5.5 SP4 server (on Win2K server)
> > for email using port 80. The logon prompt is displayed but when a user
> > types in name password it does not log them in & does NOT give any
> > error message. Any idea what I'm missing? Is it a permissions issue on
> > Win2K?
>
> Port 443 TCP for SSL, perhaps?
>
> Try turning on logging on your deny statement in the ACL and see what's
> getting captured. Just change the last line to:
>
> access-list 112 deny ip any any log
>
> and turn on term mon unless you're on console.
>
>
> > hostname 1605
> > !
> > enable password c
> > !
> > ip subnet-zero
> > !
> > ip inspect name ethernetin cuseeme timeout 3600
> > ip inspect name ethernetin ftp timeout 3600
> > ip inspect name ethernetin h323 timeout 3600
> > ip inspect name ethernetin http timeout 3600
> > ip inspect name ethernetin rcmd timeout 3600
> > ip inspect name ethernetin realaudio timeout 3600
> > ip inspect name ethernetin smtp timeout 3600
> > ip inspect name ethernetin sqlnet timeout 3600
> > ip inspect name ethernetin streamworks timeout 3600
> > ip inspect name ethernetin tcp timeout 3600
> > ip inspect name ethernetin tftp timeout 30
> > ip inspect name ethernetin udp timeout 15
> > ip inspect name ethernetin vdolive timeout 3600
> > !
> > !
> > interface Ethernet0
> > ip address 150.150.150.1 255.255.255.0
> > ip access-group 112 in
> > no ip directed-broadcast
> > ip nat outside
> >
> > interface Ethernet1
> > ip address 20.20.20.2 255.255.255.0
> > no ip directed-broadcast
> > ip nat inside
> > ip inspect ethernetin in
> >
> > !
> > interface Serial1
> > no ip address
> > no ip directed-broadcast
> > shutdown
> > !
> > ip nat inside source list 7 interface Ethernet0 overload
> > ip nat inside source static tcp 20.20.20.20 150.150.150.150
> > !
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 150.150.150.2
> > !
> > access-list 7 deny 20.20.20.20
> > access-list 7 permit 20.0.0.0 0.255.255.255
> > !
> > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 unreachable
> > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo-reply
> > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 packet-too-big
> > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 time-exceeded
> > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 traceroute
> > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 administratively-prohibited
> > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo
> > access-list 112 permit tcp any www host 150.150.150.150 eq www
> > access-list 112 permit tcp host 200.20.1.1 25 host 150.150.150.150 eq 25
> > access-list 112 permit tcp host 150.150.150.2 host 150.150.150.1 eq telnet
> > access-list 112 deny ip 127.0.0.0 0.255.255.255 any
> > access-list 112 deny ip any any
>
> --
> Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
> NetLojix Communications, Inc. - http://www.netlojix.com/
> WestNet: Connecting you to the planet. 805 884-6323
> **Please read:http://www.groupstudy.com/list/posting.html
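
The quoted reply above suggests adding `log` to the final deny of ACL 112 and watching the output. As an added example (not part of the original thread), this Python script tallies such deny messages per destination and port so a blocked service stands out; the log lines are constructed, the client addresses are placeholders, and it assumes the usual `%SEC-6-IPACCESSLOGP` layout IOS uses for TCP/UDP hits.

```python
import re
from collections import Counter

# Constructed sample of what "term mon" might show; NOT output from the poster's router.
SAMPLE_LOG = """\
Aug 12 04:40:01: %SEC-6-IPACCESSLOGP: list 112 denied tcp 192.0.2.10(1045) -> 150.150.150.150(443), 1 packet
Aug 12 04:40:04: %SEC-6-IPACCESSLOGP: list 112 denied tcp 192.0.2.10(1046) -> 150.150.150.150(443), 2 packets
Aug 12 04:40:09: %SEC-6-IPACCESSLOGP: list 112 denied tcp 198.51.100.7(1201) -> 150.150.150.150(135), 1 packet
Aug 12 04:40:11: %SEC-6-IPACCESSLOGP: list 112 denied udp 192.0.2.44(137) -> 150.150.150.255(137), 3 packets
Aug 12 04:40:15: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(1050) -> 150.150.150.150(25), 1 packet
Aug 12 04:40:20: %LINK-3-UPDOWN: Interface Serial1, changed state to down
"""

# Assumed message layout: list <acl> denied <proto> src(sport) -> dst(dport), N packet(s)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)


def summarize_denies(log_text, acl="112"):
    """Return Counter {(proto, dst, dport): packet count} for denies logged by `acl`."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group("acl") == acl:  # ignore other ACLs and unrelated syslog lines
            key = (m.group("proto"), m.group("dst"), int(m.group("dport")))
            totals[key] += int(m.group("count"))
    return totals


def denied_ports_for(log_text, server, acl="112"):
    """Sorted (proto, port) pairs denied on the way to `server` (the static NAT address)."""
    hits = summarize_denies(log_text, acl)
    return sorted({(proto, port) for (proto, dst, port) in hits if dst == server})


if __name__ == "__main__":
    for (proto, dst, dport), pkts in summarize_denies(SAMPLE_LOG).most_common():
        print(f"{pkts:4d} pkts  {proto} -> {dst}:{dport}")
    print("denied to server:", denied_ports_for(SAMPLE_LOG, "150.150.150.150"))
```
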


