Re: OT: Outlook for Web Via 1605 Firewall

From: Muhammed Omar (muhammed_omar@xxxxxxxxxxx)
Date: Mon Aug 13 2001 - 05:21:04 GMT-3


   
Here is some more info. If I add my Win2K account to Domain Admins group
then I can use OWA with no problems. So it is definitely a Win2K permissions
issue but don't know what exactly is needed. The Exchange 5.5 & IIS 5 are
all on the Win2K Domain controller machine.
----- Original Message -----
From: Chuck Church <cchurch@MAGNACOM.com>
To: 'Muhammed Omar' <muhammed_omar@hotmail.com>; <alennon_uk@yahoo.com>;
'Jay Hennigan' <jay@west.net>
Cc: 'Ccielab@Groupstudy. Com' <ccielab@groupstudy.com>
Sent: Sunday, August 12, 2001 4:46 PM
Subject: RE: OT: Outlook for Web Via 1605 Firewall

> Is your OWA server the home of your mailbox? If not, put an entry in the
> OWA server's winnt/system32/drivers/etc/hosts file for the name and address
> of the server with the mailbox. OWA doesn't seem to rely on netbios name
> resolution, but rather DNS resolution.
>
> Chuck
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Muhammed Omar
> Sent: Sunday, August 12, 2001 3:37 AM
> To: alennon_uk@yahoo.com; 'Jay Hennigan'
> Cc: 'Ccielab@Groupstudy. Com'
> Subject: Re: OT: Outlook for Web Via 1605 Firewall
>
>
> Hi guys
>
> I removed the ACL and still can't get past the Outlook for Web Access
> Browser page. So seems that it is a Win2K/Exchange 5.5 issue. Someone said
> that something else had to be turned on in Win2K/Exchange but he can't
> recall what he did to make it work at his site. Any ideas please?
>
>
> ----- Original Message -----
> From: Andrew Lennon <alennon_uk@yahoo.com>
> To: 'Jay Hennigan' <jay@west.net>; 'Muhammed Omar'
> <muhammed_omar@hotmail.com>
> Cc: 'Ccielab@Groupstudy. Com' <ccielab@groupstudy.com>
> Sent: Sunday, August 12, 2001 2:10 AM
> Subject: RE: OT: Outlook for Web Via 1605 Firewall
>
>
> > Muhammed,
> >
> > As a first step, you may want to try removing the access list to be sure
> > that is not causing the problem. Hopefully you can then diagnose further
> > from there. I have a router running with NAT and IPSec, but without the
> > FW which works fine with OWA.
> >
> > Andy
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Jay Hennigan
> > Sent: 12 August 2001 00:12
> > To: Muhammed Omar
> > Cc: Ccielab@Groupstudy. Com
> > Subject: Re: OT: Outlook for Web Via 1605 Firewall
> >
> > On Sat, 11 Aug 2001, Muhammed Omar wrote:
> >
> > > Hi guys
> > >
> > > I've setup a 1605 as a firewall (as below) to allow browsing, email & also
> > > for remote users MS Outlook for Web Access. The problem is using a browser
> > > users can't logon to Exchange 5.5 SP4 server (on Win2K server) for email using
> > > port 80. The logon prompt is displayed but when a user types in name password
> > > it does not log them in & does NOT give any error message. Any idea what I'm
> > > missing. Is it permissions issue on Win2K?
> >
> > Port 443 TCP for SSL, perhaps?
> >
> > Try turning on logging on your deny statement in the ACL and see what's
> > getting captured. Just change the last line to:
> >
> > access-list 112 deny ip any any log
> >
> > and turn on term mon unless you're on console.
> >
> >
> > > hostname 1605
> > > !
> > > enable password c
> > > !
> > > ip subnet-zero
> > > !
> > > ip inspect name ethernetin cuseeme timeout 3600
> > > ip inspect name ethernetin ftp timeout 3600
> > > ip inspect name ethernetin h323 timeout 3600
> > > ip inspect name ethernetin http timeout 3600
> > > ip inspect name ethernetin rcmd timeout 3600
> > > ip inspect name ethernetin realaudio timeout 3600
> > > ip inspect name ethernetin smtp timeout 3600
> > > ip inspect name ethernetin sqlnet timeout 3600
> > > ip inspect name ethernetin streamworks timeout 3600
> > > ip inspect name ethernetin tcp timeout 3600
> > > ip inspect name ethernetin tftp timeout 30
> > > ip inspect name ethernetin udp timeout 15
> > > ip inspect name ethernetin vdolive timeout 3600
> > > !
> > > !
> > > interface Ethernet0
> > > ip address 150.150.150.1 255.255.255.0
> > > ip access-group 112 in
> > > no ip directed-broadcast
> > > ip nat outside
> > >
> > > interface Ethernet1
> > > ip address 20.20.20.2 255.255.255.0
> > > no ip directed-broadcast
> > > ip nat inside
> > > ip inspect ethernetin in
> > >
> > > !
> > > interface Serial1
> > > no ip address
> > > no ip directed-broadcast
> > > shutdown
> > > !
> > > ip nat inside source list 7 interface Ethernet0 overload
> > > ip nat inside source static tcp 20.20.20.20 150.150.150.150
> > > !
> > > ip classless
> > > ip route 0.0.0.0 0.0.0.0 150.150.150.2
> > > !
> > > access-list 7 deny 20.20.20.20
> > > access-list 7 permit 20.0.0.0 0.255.255.255
> > > !
> > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 unreachable
> > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo-reply
> > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 packet-too-big
> > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 time-exceeded
> > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 traceroute
> > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 administratively-prohibited
> > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo
> > > access-list 112 permit tcp any www host 150.150.150.150 eq www
> > > access-list 112 permit tcp host 200.20.1.1 25 host 150.150.150.150 eq 25
> > > access-list 112 permit tcp host 150.150.150.2 host 150.150.150.1 eq telnet
> > > access-list 112 deny ip 127.0.0.0 0.255.255.255 any
> > > access-list 112 deny ip any any
> >
> > --
> > Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
> > NetLojix Communications, Inc. - http://www.netlojix.com/
> > WestNet: Connecting you to the planet. 805 884-6323
> > **Please read:http://www.groupstudy.com/list/posting.html
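
A way to read what the `log` keyword on the final deny of access-list 112 captures, as suggested in the thread. This is an added example, not part of the original messages: the log lines are constructed samples in the IOS `%SEC-6-IPACCESSLOGP` format, the 192.0.2.x client addresses are made up, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of IOS ACL deny log lines (not from the original thread).
# %SEC-6-IPACCESSLOGP is the message IOS emits for TCP/UDP packets that hit an
# ACL entry carrying the "log" keyword; the 192.0.2.x clients are made up.
SAMPLE_LOG = """\
00:12:01: %SEC-6-IPACCESSLOGP: list 112 denied tcp 192.0.2.10(1049) -> 150.150.150.150(443), 1 packet
00:12:04: %SEC-6-IPACCESSLOGP: list 112 denied tcp 192.0.2.10(1050) -> 150.150.150.150(443), 3 packets
00:12:09: %SEC-6-IPACCESSLOGP: list 112 denied udp 192.0.2.77(137) -> 150.150.150.150(137), 2 packets
00:12:15: %SEC-6-IPACCESSLOGP: list 112 denied tcp 192.0.2.31(2211) -> 150.150.150.150(443), 1 packet
00:13:00: %LINK-3-UPDOWN: Interface Serial1, changed state to down
"""

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def denied_flows(log_text, acl="112"):
    """Sum denied packets per (protocol, destination, destination port)."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m is None or m.group("acl") != acl:
            continue  # unrelated syslog line, or a hit on a different ACL
        key = (m.group("proto"), m.group("dst"), int(m.group("dport")))
        totals[key] += int(m.group("count"))
    return totals


def report(log_text, acl="112"):
    """Return the denied flows ordered by packet count, busiest first."""
    return denied_flows(log_text, acl).most_common()


if __name__ == "__main__":
    for (proto, dst, dport), packets in report(SAMPLE_LOG):
        print(f"{proto:4} {dst}:{dport:<5} denied packets: {packets}")
```

A destination port that dominates the summary (443 in the constructed sample) is the one the ACL is dropping and the candidate for an explicit permit entry.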


