From: Chuck Church (cchurch@xxxxxxxxxxxx)
Date: Mon Aug 13 2001 - 20:39:28 GMT-3
I think OWA creates a site under IIS. Who has rights to this
site/directory?
Chuck
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Muhammed Omar
Sent: Monday, August 13, 2001 11:41 AM
To: Ron Carithers; Chuck Church; alennon_uk@yahoo.com; 'Jay Hennigan';
nicholas
Cc: 'Ccielab@Groupstudy. Com'
Subject: Re: OT: Outlook for Web Via 1605 Firewall
I did that (following Microsoft docs) but it does not solve the issue.
----- Original Message -----
From: Ron Carithers <RCARITHERS@edge2net.net>
To: 'Muhammed Omar' <muhammed_omar@hotmail.com>; Chuck Church
<cchurch@MAGNACOM.com>; <alennon_uk@yahoo.com>; 'Jay Hennigan'
<jay@west.net>; nicholas <nicholas@newmerica.com>
Cc: 'Ccielab@Groupstudy. Com' <ccielab@groupstudy.com>
Sent: Monday, August 13, 2001 2:58 PM
Subject: RE: OT: Outlook for Web Via 1605 Firewall
> You need to give the account you want to use the right to "log on locally"
> on the OWA server.
>
> -----Original Message-----
> From: Muhammed Omar [mailto:muhammed_omar@hotmail.com]
> Sent: Monday, August 13, 2001 1:21 AM
> To: Chuck Church; alennon_uk@yahoo.com; 'Jay Hennigan'; nicholas
> Cc: 'Ccielab@Groupstudy. Com'
> Subject: Re: OT: Outlook for Web Via 1605 Firewall
>
>
> Here is some more info. If I add my Win2K account to Domain Admins group
> then I can use OWA with no problems. So it is definitely a Win2K permissions
> issue but don't know what exactly is needed. The Exchange 5.5 & IIS 5 are
> all on the Win2K Domain controller machine.
> ----- Original Message -----
> From: Chuck Church <cchurch@MAGNACOM.com>
> To: 'Muhammed Omar' <muhammed_omar@hotmail.com>; <alennon_uk@yahoo.com>;
> 'Jay Hennigan' <jay@west.net>
> Cc: 'Ccielab@Groupstudy. Com' <ccielab@groupstudy.com>
> Sent: Sunday, August 12, 2001 4:46 PM
> Subject: RE: OT: Outlook for Web Via 1605 Firewall
>
>
> > Is your OWA server the home of your mailbox? If not, put an entry in the
> > OWA server's winnt/system32/drivers/etc/hosts file for the name and address
> > of the server with the mailbox. OWA doesn't seem to rely on netbios name
> > resolution, but rather DNS resolution.
> >
> > Chuck
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Muhammed Omar
> > Sent: Sunday, August 12, 2001 3:37 AM
> > To: alennon_uk@yahoo.com; 'Jay Hennigan'
> > Cc: 'Ccielab@Groupstudy. Com'
> > Subject: Re: OT: Outlook for Web Via 1605 Firewall
> >
> >
> > Hi guys
> >
> > I removed the ACL and still can't get past the Outlook for Web Access
> > Browser page. So seems that it is a Win2K/Exchange 5.5 issue. Someone said
> > that something else had to be turned on in Win2K/Exchange but he can't
> > recall what he did to make it work at his site. Any ideas please?
> >
> >
> > ----- Original Message -----
> > From: Andrew Lennon <alennon_uk@yahoo.com>
> > To: 'Jay Hennigan' <jay@west.net>; 'Muhammed Omar'
> > <muhammed_omar@hotmail.com>
> > Cc: 'Ccielab@Groupstudy. Com' <ccielab@groupstudy.com>
> > Sent: Sunday, August 12, 2001 2:10 AM
> > Subject: RE: OT: Outlook for Web Via 1605 Firewall
> >
> >
> > > Muhammed,
> > >
> > > As a first step, you may want to try removing the access list to be sure
> > > that is not causing the problem. Hopefully you can then diagnose further
> > > from there. I have a router running with NAT and IPSec, but without the
> > > FW which works fine with OWA.
> > >
> > > Andy
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > Jay Hennigan
> > > Sent: 12 August 2001 00:12
> > > To: Muhammed Omar
> > > Cc: Ccielab@Groupstudy. Com
> > > Subject: Re: OT: Outlook for Web Via 1605 Firewall
> > >
> > > On Sat, 11 Aug 2001, Muhammed Omar wrote:
> > >
> > > > Hi guys
> > > >
> > > > I've set up a 1605 as a firewall (as below) to allow browsing, email & also
> > > > for remote users MS Outlook for Web Access. The problem is using a browser
> > > > users can't logon to Exchange 5.5 SP4 server (on Win2K server) for email using
> > > > port 80. The logon prompt is displayed but when a user types in name password
> > > > it does not log them in & does NOT give any error message. Any idea what I'm
> > > > missing. Is it permissions issue on Win2K?
> > >
> > > Port 443 TCP for SSL, perhaps?
> > >
> > > Try turning on logging on your deny statement in the ACL and see what's
> > > getting captured. Just change the last line to:
> > >
> > > access-list 112 deny ip any any log
> > >
> > > and turn on term mon unless you're on console.
> > >
> > >
> > > > hostname 1605
> > > > !
> > > > enable password c
> > > > !
> > > > ip subnet-zero
> > > > !
> > > > ip inspect name ethernetin cuseeme timeout 3600
> > > > ip inspect name ethernetin ftp timeout 3600
> > > > ip inspect name ethernetin h323 timeout 3600
> > > > ip inspect name ethernetin http timeout 3600
> > > > ip inspect name ethernetin rcmd timeout 3600
> > > > ip inspect name ethernetin realaudio timeout 3600
> > > > ip inspect name ethernetin smtp timeout 3600
> > > > ip inspect name ethernetin sqlnet timeout 3600
> > > > ip inspect name ethernetin streamworks timeout 3600
> > > > ip inspect name ethernetin tcp timeout 3600
> > > > ip inspect name ethernetin tftp timeout 30
> > > > ip inspect name ethernetin udp timeout 15
> > > > ip inspect name ethernetin vdolive timeout 3600
> > > > !
> > > > !
> > > > interface Ethernet0
> > > > ip address 150.150.150.1 255.255.255.0
> > > > ip access-group 112 in
> > > > no ip directed-broadcast
> > > > ip nat outside
> > > >
> > > > interface Ethernet1
> > > > ip address 20.20.20.2 255.255.255.0
> > > > no ip directed-broadcast
> > > > ip nat inside
> > > > ip inspect ethernetin in
> > > >
> > > > !
> > > > interface Serial1
> > > > no ip address
> > > > no ip directed-broadcast
> > > > shutdown
> > > > !
> > > > ip nat inside source list 7 interface Ethernet0 overload
> > > > ip nat inside source static tcp 20.20.20.20 150.150.150.150
> > > > !
> > > > ip classless
> > > > ip route 0.0.0.0 0.0.0.0 150.150.150.2
> > > > !
> > > > access-list 7 deny 20.20.20.20
> > > > access-list 7 permit 20.0.0.0 0.255.255.255
> > > > !
> > > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 unreachable
> > > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo-reply
> > > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 packet-too-big
> > > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 time-exceeded
> > > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 traceroute
> > > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 administratively-prohibited
> > > > access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo
> > > > access-list 112 permit tcp any www host 150.150.150.150 eq www
> > > > access-list 112 permit tcp host 200.20.1.1 25 host 150.150.150.150 eq 25
> > > > access-list 112 permit tcp host 150.150.150.2 host 150.150.150.1 eq telnet
> > > > access-list 112 deny ip 127.0.0.0 0.255.255.255 any
> > > > access-list 112 deny ip any any
> > >
> > > --
> > > Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
> > > NetLojix Communications, Inc. - http://www.netlojix.com/
> > > WestNet: Connecting you to the planet. 805 884-6323
> > > **Please read:http://www.groupstudy.com/list/posting.html
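
Added example, not part of the original thread: once the final entry of ACL 112 carries the `log` keyword as suggested above, the router emits one `%SEC-6-IPACCESSLOGP` line per denied TCP/UDP flow, and this script tallies them by destination port so a blocked service such as 443 stands out. The sample log lines and the 192.0.2.x source addresses are constructed for illustration; only the ACL number and the 150.150.150.150 address come from the posted configuration.

```python
import re
from collections import Counter

# IOS reports TCP/UDP hits on a "log" ACL entry as %SEC-6-IPACCESSLOGP:
#   list <acl> <permitted|denied> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (not from the thread). 192.0.2.0/24 is documentation
# address space standing in for remote OWA users.
SAMPLE_LOG = """\
00:14:02: %SEC-6-IPACCESSLOGP: list 112 denied tcp 192.0.2.10(1045) -> 150.150.150.150(443), 1 packet
00:15:30: %SEC-6-IPACCESSLOGP: list 112 denied tcp 192.0.2.44(1102) -> 150.150.150.150(135), 1 packet
00:19:02: %SEC-6-IPACCESSLOGP: list 112 denied tcp 192.0.2.10(1045) -> 150.150.150.150(443), 4 packets
00:19:40: %SEC-6-IPACCESSLOGP: list 112 denied udp 192.0.2.77(137) -> 150.150.150.150(137), 2 packets
00:20:11: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(1050) -> 150.150.150.150(25), 1 packet
00:21:00: %LINK-3-UPDOWN: Interface Serial1, changed state to down
"""

def summarize_denies(log_text, acl="112", dst=None):
    """Sum denied packets per (proto, dst, dport) for one ACL, optionally one host."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["acl"] != acl or m["action"] != "denied":
            continue  # unrelated message, another ACL, or a permit hit
        if dst and m["dst"] != dst:
            continue
        totals[(m["proto"], m["dst"], int(m["dport"]))] += int(m["count"])
    return totals

def top_denied(totals):
    """Return (proto, dst, dport, packets) rows, busiest first."""
    rows = ((p, d, port, n) for (p, d, port), n in totals.items())
    return sorted(rows, key=lambda row: -row[3])

if __name__ == "__main__":
    for proto, dst, port, n in top_denied(summarize_denies(SAMPLE_LOG)):
        print(f"{proto:>3} {dst}:{port:<5} denied packets: {n}")
```
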
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:50 GMT-3