What is that 192.x.x.x address for?

D

"There are seldom good technological solutions to behavioral problems." - Ed
Crowley

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 10:30 AM
To: Exchange Discussions
Subject: RE: Help please


This is the only thing the syslog server got

.226 looks like a vpn addy.  Outside I have no idea.

12-18-2001      12:45:03        News.Error      172.16.1.2      Dec 18
2001 09:57:13: %PIX-3-305006: regular translation creation failed for udp
src inside:192.168.5.226/1350 dst outside:24.3.196.33/53

-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 12:28 PM
To: Exchange Discussions
Subject: RE: Help please

The tcp and www statement should be in a "conduit permit" statement... 1 IP
address???  Might I ask why?

D

"Mistakes: It could be that the purpose of your life is only to serve as a
warning to others."

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 9:14 AM
To: Exchange Discussions
Subject: RE: Help please


I don't think I can take the proxy out of the picture I only have 1 ip I can
use and it's the pix ip.  Is it possible to map that ip in and out along
with the other statement.  Your last statement was correct BUT there is no
tcp or www in my static statement.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 12:10 PM
To: Exchange Discussions
Subject: RE: Help please

I'm not sure I see the relevance of forwarding the ip packets to the proxy
then to the internal server.  Your not accomplishing anything different then
directly forwarding the port 80 packets to your internal owa server.  I only
say this because your behind the PIX firewall.  I could understand if you
were behind a "proxy server" but this is not the case.

I'm assuming your using some type of access-list entry like: access-list 100
permit tcp any host (external_ip) eq www 

and then a corresponding conduit (or static) command for your internal
server (proxy) static (inside,outside) tcp (external_ip) www
(internal_ip)
www netmask 255.255.255.255

Simply change the internal_ip to your owa server so that we can RULE out the
proxy server.

Make sure you do a "write mem" then retest.  However, make sure your
followed my previous advise on the host headers and ip info.

Thx.

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Help please


No lockout

That ip is the only ip associated with the proxy.  All incoming requests go
to it first.

That's all the proxy logs seem to have regarding that connection.

Im setting up the pix syslog serve now.

-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 11:51 AM
To: Exchange Discussions
Subject: RE: Help please

Ok, so that address is only assigned to the OWA server?  Is there anything
else in the proxy logs that might turn something up?  Proxy and the PIX are
dropping the return path or something.  Does the user account ever get
locked out with the bad login attempts?

D

"May you have the foresight to know where you're going, the hindsight to
know where you've been, and the insight to know when you've gone too far."
-Irish Toast

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 8:36 AM
To: Exchange Discussions
Subject: RE: Help please


Sh xlate returns

Global 208.253.38.123 local 172.16.1.1 static
-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 11:26 AM
To: Exchange Discussions
Subject: RE: Help please

Nope, if that is the address of the PIX, it won't work.  

Do a "sh xlate" at the prompt on the PIX.  You should have a statically
defined Pub address that points to your priv address.

D

"I only regret that I have but one life to lose for my country." -Nathan
Hale

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 8:23 AM
To: Exchange Discussions
Subject: RE: Help please


I have an inside outside mapping from that ip to the public ip
208.253.38.123 which is the outside ip of the pix


-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 11:20 AM
To: Exchange Discussions
Subject: RE: Help please

I think I've got it!  What there should be an address translation from the
172.16.1.1 (private address) to a "Public" address.  You're trying to route
a non-routable address to the outside.  I don't know about proxy, but the
PIX is telling you to fsck off.  

That 172 address HAS to be routed to a routable IP address!

D

"Those who deny freedom to others deserve it not for themselves." -Abraham
Lincoln

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 8:12 AM
To: Exchange Discussions
Subject: RE: Help please


That's all I see in the log for that access point.  Although I just set up
another internal web site to try redirection with and I get the same problem
so I would guess that the proxy or pix are the prob not the exchange server.

Yes that ip is a dialup client

-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 11:08 AM
To: Exchange Discussions
Subject: RE: Help please

Is the 63.x.x.x address the client address or what?  What shows up in the
logs when you try to pass authentication?

D

"A computer lets you make more mistakes faster than any invention in human
history - with the possible exceptions of handguns and tequila." -Mitch
Ratcliffe, "Technology Review"

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 7:57 AM
To: Exchange Discussions
Subject: RE: Help please


When accessing the site this is what is in the proxy log

2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET
/scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461)

tahoe is the internal exchange server.  



-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 10:45 AM
To: Exchange Discussions
Subject: RE: Help please

OK, let us know what you find.

D

"DOS 6: Because there aren't enough problems in the world already."

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 7:37 AM
To: Exchange Discussions
Subject: RE: Help please


I will have to call cisco as per starting logs.  I am not that secure enough
about the proper way of turning the loggin up. 

As for proxy I am attempting that now.

-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 10:37 AM
To: Exchange Discussions
Subject: RE: Help please

That's why I wanted you to check the logs on both Proxy and the PIX.
Somewhere there's something not passing traffic correctly...

D

"Overconfidence: Before you attempt to beat the odds, be sure you can
survive the odds beating you." - - http://www.despair.com

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 7:31 AM
To: Exchange Discussions
Subject: RE: Help please


Its funny.  I can not redirect and websites to internal servers.  I am
beginning to think this is a proxy problem.

-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 10:18 AM
To: Exchange Discussions
Subject: RE: Help please

Router???  I thought you said you have a PIX.  They have much more than
16MB, well, not "much" more, but at least 32MB.

D

"Arrogance: The Best Leaders Inspire by Example.  When that's not an option,
brute intimidation works pretty well too." - - http://www.despair.com

-----Original Message-----
From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 7:13 AM
To: Exchange Discussions
Subject: RE: Help please


Can't upgrade to 6.0.  cisco will not allow me to dl it as I only have 16mb
in my router.

Also,  tom I have verified that information.  Thanks.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 10:11 AM
To: Exchange Discussions
Subject: RE: Help please

Upgrade to 6.0 IOS

-----Original Message-----
From: Don Ely [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 17, 2001 9:07 PM
To: Exchange Discussions
Subject: RE: Help please


I can't recall some great examples off hand, but I remember a time where the
PIX would to funny things to the network traffic as it passed in either
direction.  Tended to time things out and make stuff not work.

D

"The true test of character is not how much we know how to do, but how we
behave when we don't know what to do." -John Holt

-----Original Message-----
X-Sybari-Space: 00000000 00000000 00000000 00000000
From: Peter Szabo [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 17, 2001 6:26 PM
To: Exchange Discussions
Subject: Re: Help please


Don,

I'm not too familiar with PIX but I know the problem with esmtp and pix ,
but never heard of any with http.

Ronald,

The easiet way to make sure is not the pix, connect your laptop to the
segment bethwin the pix and your proxy and try to connect to OWA. If it is
working, call Ci$co.

/Peter
----- Original Message -----
From: "Don Ely" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Monday, December 17, 2001 9:06 PM
Subject: RE: Help please


> That's another theory too...  However, on the PIX there are some
> strange occurrences that would not pass some HTTP traffic correctly. 
> Not always, but I've seen it.
>
> D
>
> "Ignorance: It's amazing how much easier it is for a team to work
> together when no one has any idea where they're going." - - 
> http://www.despair.com
>
> -----Original Message-----
> From: Peter Szabo [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 17, 2001 6:06 PM
> To: Exchange Discussions
> Subject: Re: Help please
>
>
> Ronald,
>
> If your external address for your owa is tahoe.ss-pca.com/exchange
> then
you
> have an authentication problem on your OWA server, nothing to do with
> your proxy or PIX. for a proxy server or a pix f/w http is http is 
> http. <period>. On your OWA server diasble any other authentication 
> but Basic.
If
> I remember correctly internaly users can access OWA, yes ?
>
> /Peter
>
> ----- Original Message -----
> From: "Don Ely" <[EMAIL PROTECTED]>
> To: "Exchange Discussions" <[EMAIL PROTECTED]>
> Sent: Monday, December 17, 2001 8:47 PM
> Subject: RE: Help please
>
>
> > Have you turned up syslog on your PIX to watch the traffic?  What do

> > the logs say (both Proxy and the PIX)?  My money says your issue
> > resides in there.
> >
> > D
> >
> > "It was when I found out I could make mistakes that I knew I was on
> > to something." -Ornette Coleman
> >
> > -----Original Message-----
> > From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, December 17, 2001 5:14 PM
> > To: Exchange Discussions
> > Subject: RE: Help please
> >
> >
> > Yes that article has been followed to the letter.  I apologize for
> > the ms reference so could we get back to this. It is becoming 
> > increasingly frustrating.  It SHOULD work.
> >
> > -----Original Message-----
> > From: Tom Meunier [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, December 17, 2001 4:52 PM
> > To: Exchange Discussions
> > Subject: RE: Help please
> >
> > 1.  Your MX record has no bearing on the issue - that's solely for
> > mail routing.  You need to worry about where your "A" record (or 
> > CNAME if
> that's
> > how you're doing it) points.
> > 2.  I'm still kind of waiting for you to say that you've followed
> > Q276388
> to
> > the letter.  Whether OWA 5.5 works through proxy has nothing to do
> > with whether OWA 2000 does; they are nowhere NEAR being the same 
> > product.
> >
> >
> > > -----Original Message-----
> > > From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At:
> > > Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing 
> > > List
> > > Conversation: Help please
> > > Subject: RE: Help please
> > >
> > >
> > > Yeah sorry.  My mx record is exchange.domain.com. when a user
> > > enters exchange.domain.com/exchange they hit the proxy.  Proxy is 
> > > set up to redirect any requests for this address to the internal 
> > > exchange address. This is as per M$.
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, December 17, 2001 3:56 PM
> > > To: Exchange Discussions
> > > Subject: RE: Help please
> > >
> > > Upgrade to version 6.0 IOS.  Use the Static Port commands to
> > > redirect users to the internal OWA site instead of your Proxy 
> > > Server first. This works even if your using a DMZ card.  Also, can

> > > you clarify "redirect my MX record exchange server address to the
> > > server"?
> > >
> > > Also...
> > >
> > > How many valid static IP's to you have?
> > > Is your DNS hosted external or internal?
> > > When you upgraded did you change any of the static IP information?
> > >
> > >
> > > -----Original Message-----
> > > From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, December 17, 2001 2:41 PM
> > > To: Exchange Discussions
> > > Subject: Help please
> > >
> > >
> > >
> > > I tried this on the exchange 2000 list and got very little
> > > information. I have a setup as follows:
> > >
> > > Pix Firewall-->Proxy serv/IIS server-->internal network containing

> > > exchange.  We have had exchange 5.5 and OWA running in this config

> > > for some time.  We have recently upgraded to Exchange2000 and are
> > > now having a problem connecting with owa 2000.  When going to the 
> > > owa site a login box comes up to log into exchange BUT it comes up

> > > three times then says access denied.  I have the IIS/proxy web
> > > publishing set to redirect my MX record exchange server address to

> > > the server but can never log in. If anyone got ANY ideas I would
> > > greatly appreciate it.
> > >
> > > Ron
> > >
> > > _________________________________________________________________
> > > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > > Archives:               http://www.swynk.com/sitesearch/search.asp
> > > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > Exchange List admin:    [EMAIL PROTECTED]
> > >
> > > _________________________________________________________________
> > > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > > Archives:               http://www.swynk.com/sitesearch/search.asp
> > > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > Exchange List admin:    [EMAIL PROTECTED]
> > >
> > > _________________________________________________________________
> > > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > > Archives:               http://www.swynk.com/sitesearch/search.asp
> > > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > Exchange List admin:    [EMAIL PROTECTED]
> > >
> >
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Archives:               http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]
> >
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Archives:               http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]
> >
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Archives:               http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]
>
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

Reply via email to