Re: Help Please
Sherpa Software has such a tool among others... www.mail-resources.com lists at least one other I think. On 2/5/03 10:56, Marc Mearns [EMAIL PROTECTED] wrote: User Group Can any one please help or tell me of any packages that they know of that can search the Exchange 2000 database for certain text in email messages( quite sophisticated analysis). The program would need do lexical analysis of the users emails. Regards Marc Mearns Mobile - 07775-630508 Office - 020 7695 0286 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ( [EMAIL PROTECTED] ). The format of address is: [EMAIL PROTECTED] This footnote also confirms that this email message has been swept by MAILsweeper for the presence of computer viruses. J Sainsbury plc (185647 England) Sainsbury's Supermarkets Limited (3261722 England) Registered Offices: 33 Holborn London EC1N 2HT ** _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Changed the exchange iis website to anonymous now I get page can not be displayed even when I change it back I get nothing. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com
Re: Help please
Basic authentication. /Peter - Original Message - From: Ronald Mazzotta [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 8:07 AM Subject: RE: Help please Changed the exchange iis website to anonymous now I get page can not be displayed even when I change it back I get nothing. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp
RE: Help please
Woops. Thanks. OK I did that and it has the same result. Pops up the login box repeatedly. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: Re: Help please Basic authentication. /Peter - Original Message - From: Ronald Mazzotta [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 8:07 AM Subject: RE: Help please Changed the exchange iis website to anonymous now I get page can not be displayed even when I change it back I get nothing. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED
RE: Help please
Q292723? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Tuesday, December 18, 2001 8:43 AM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Woops. Thanks. OK I did that and it has the same result. Pops up the login box repeatedly. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: Re: Help please Basic authentication. /Peter - Original Message - From: Ronald Mazzotta [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 8:07 AM Subject: RE: Help please Changed the exchange iis website to anonymous now I get page can not be displayed even when I change it back I get nothing. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running
RE: Help please
Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday
RE: Help please
That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also
RE: Help please
What version are you on now? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:21 AM To: Exchange Discussions Subject: RE: Help please That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users
RE: Help please
Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server
RE: Help please
Sorry PIX. And according to cisco and show ver I have 16mb. I would install it but cisco wont even let me dl it off their site. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message
RE: Help please
Version 5.3(5) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:22 AM To: Exchange Discussions Subject: RE: Help please What version are you on now? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:21 AM To: Exchange Discussions Subject: RE: Help please That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED
RE: Help please
Do you not have a CCO login? D Pretension: The downside of being better than everyone else is that people tend to assume you're pretentious. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:19 AM To: Exchange Discussions Subject: RE: Help please Sorry PIX. And according to cisco and show ver I have 16mb. I would install it but cisco wont even let me dl it off their site. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing
RE: Help please
Which model of the PIX do you have? D Ideas pull the trigger, but instinct loads the gun. -Don Marquis -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:21 AM To: Exchange Discussions Subject: RE: Help please Version 5.3(5) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:22 AM To: Exchange Discussions Subject: RE: Help please What version are you on now? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:21 AM To: Exchange Discussions Subject: RE: Help please That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters
RE: Help please
Yes I have a cco login that's where it blocks me. Pix 515 Web site says that it comes with 16mb but 6.0 requires 32mb I really appreciate all the help. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:25 AM To: Exchange Discussions Subject: RE: Help please Which model of the PIX do you have? D Ideas pull the trigger, but instinct loads the gun. -Don Marquis -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:21 AM To: Exchange Discussions Subject: RE: Help please Version 5.3(5) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:22 AM To: Exchange Discussions Subject: RE: Help please What version are you on now? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:21 AM To: Exchange Discussions Subject: RE: Help please That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same
RE: Help please
Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL
RE: Help please
That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted
RE: Help please
I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points
RE: Help please
OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday
RE: Help please
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a Pix 515 that I run 6.1 on.. I thought they only shipper with 32mb as a minimum.. You should be able to download IOS versions with a valid cco, regardless of what PIX model you have.. ~John - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:28 AM To: Exchange Discussions Subject: RE: Help please Yes I have a cco login that's where it blocks me. Pix 515 Web site says that it comes with 16mb but 6.0 requires 32mb I really appreciate all the help. - -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:25 AM To: Exchange Discussions Subject: RE: Help please Which model of the PIX do you have? D Ideas pull the trigger, but instinct loads the gun. -Don Marquis - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:21 AM To: Exchange Discussions Subject: RE: Help please Version 5.3(5) - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:22 AM To: Exchange Discussions Subject: RE: Help please What version are you on now? - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:21 AM To: Exchange Discussions Subject: RE: Help please That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS - -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt - -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM
RE: Help please
Ronald, the 16MB you see is for the flash memory, not the RAM. I just looked on their site. You should have at least 32MB of RAM in there. http://www.cisco.com/univercd/cc/td/doc/pcat/fw.htm D Ideas pull the trigger, but instinct loads the gun. -Don Marquis -Original Message- From: King, John [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:56 AM To: Exchange Discussions Subject: RE: Help please -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a Pix 515 that I run 6.1 on.. I thought they only shipper with 32mb as a minimum.. You should be able to download IOS versions with a valid cco, regardless of what PIX model you have.. ~John - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:28 AM To: Exchange Discussions Subject: RE: Help please Yes I have a cco login that's where it blocks me. Pix 515 Web site says that it comes with 16mb but 6.0 requires 32mb I really appreciate all the help. - -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:25 AM To: Exchange Discussions Subject: RE: Help please Which model of the PIX do you have? D Ideas pull the trigger, but instinct loads the gun. -Don Marquis - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:21 AM To: Exchange Discussions Subject: RE: Help please Version 5.3(5) - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:22 AM To: Exchange Discussions Subject: RE: Help please What version are you on now? - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:21 AM To: Exchange Discussions Subject: RE: Help please That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS - -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt - -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta
RE: Help please
When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman
RE: Help please
Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes
RE: Help please
Logging is fairly straight forward. Telnet to device and add the following lines logging on logging timestamp logging trap errors logging history errors logging facility 7 logging host inside (internal_ip) Your logging host inside needs to be running compliant software. Complaint defined as listening on TCP Port 1468 and UDP 514. I can recommend the PIX Firewall Syslog Server. Download from Cisco Website. Install on a local machine. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My
RE: Help please
Perzactly. However, one must be careful as Level 7 is the highest level and generates the most traffic, so one must ensure to decrease logging when done researching. On another note, a good security admin has logging turned on already to watch the inbound/outbound traffic in an effort to thwart hack attempts and such. D Windows 95: 32-bit extensions and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit company that can't stand for 1 bit of competition. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please Logging is fairly straight forward. Telnet to device and add the following lines logging on logging timestamp logging trap errors logging history errors logging facility 7 logging host inside (internal_ip) Your logging host inside needs to be running compliant software. Complaint defined as listening on TCP Port 1468 and UDP 514. I can recommend the PIX Firewall Syslog Server. Download from Cisco Website. Install on a local machine. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM
RE: Help please
That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM
RE: Help please
Are you using an host headers on your IIS Server? -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do
RE: Help please
Yes it is set to the server name -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:19 AM To: Exchange Discussions Subject: RE: Help please Are you using an host headers on your IIS Server? -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM
RE: Help please
I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don
Re: Help please
Ronald, Can you login to OWA from your internal network ? /Peter - Original Message - From: Ronald Mazzotta [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 11:13 AM Subject: RE: Help please Yes it is set to the server name -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:19 AM To: Exchange Discussions Subject: RE: Help please Are you using an host headers on your IIS Server? -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing
RE: Help please
Yes, he can. I think his translation from pub address to priv and back to pub is screwed somewhere along the lines. D A TV can insult your intelligence, but nothing rubs it in like a computer. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:27 AM To: Exchange Discussions Subject: Re: Help please Ronald, Can you login to OWA from your internal network ? /Peter - Original Message - From: Ronald Mazzotta [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 11:13 AM Subject: RE: Help please Yes it is set to the server name -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:19 AM To: Exchange Discussions Subject: RE: Help please Are you using an host headers on your IIS Server? -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter
RE: Help please
I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem
RE: Help please
Yes internal works fine. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:27 AM To: Exchange Discussions Subject: Re: Help please Ronald, Can you login to OWA from your internal network ? /Peter - Original Message - From: Ronald Mazzotta [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 11:13 AM Subject: RE: Help please Yes it is set to the server name -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:19 AM To: Exchange Discussions Subject: RE: Help please Are you using an host headers on your IIS Server? -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please
RE: Help please
Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic
RE: Help please
I'm not sure why your using host headers but you need to do one of two things: 1. First, make sure that your IP address is set to all unassigned 2. Next, remove the host headersor 3. or add the host header matching your outside alias (dns). -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL
Re: Help please
Guys, I don't think this is a routing problem. I can access the default web page on tahoe.sss-cpa.com w/o any problem. This IS an authentication issue. /Peter - Original Message - From: Ronald Mazzotta [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 11:22 AM Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test
RE: Help please
Oh. -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:38 AM To: Exchange Discussions Subject: Re: Help please Guys, I don't think this is a routing problem. I can access the default web page on tahoe.sss-cpa.com w/o any problem. This IS an authentication issue. /Peter - Original Message - From: Ronald Mazzotta [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, December 18, 2001 11:22 AM Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time
RE: Help please
Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED
RE: Help please
Yes my bad sorry. I do and I just received ios 6.0. maybe ill do that tonight. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:54 AM To: Exchange Discussions Subject: RE: Help please Ronald, the 16MB you see is for the flash memory, not the RAM. I just looked on their site. You should have at least 32MB of RAM in there. http://www.cisco.com/univercd/cc/td/doc/pcat/fw.htm D Ideas pull the trigger, but instinct loads the gun. -Don Marquis -Original Message- From: King, John [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:56 AM To: Exchange Discussions Subject: RE: Help please -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a Pix 515 that I run 6.1 on.. I thought they only shipper with 32mb as a minimum.. You should be able to download IOS versions with a valid cco, regardless of what PIX model you have.. ~John - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:28 AM To: Exchange Discussions Subject: RE: Help please Yes I have a cco login that's where it blocks me. Pix 515 Web site says that it comes with 16mb but 6.0 requires 32mb I really appreciate all the help. - -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:25 AM To: Exchange Discussions Subject: RE: Help please Which model of the PIX do you have? D Ideas pull the trigger, but instinct loads the gun. -Don Marquis - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:21 AM To: Exchange Discussions Subject: RE: Help please Version 5.3(5) - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:22 AM To: Exchange Discussions Subject: RE: Help please What version are you on now? - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:21 AM To: Exchange Discussions Subject: RE: Help please That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS - -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt - -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:47 PM Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say
RE: Help please
Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too
RE: Help please
No prob, just remember to pay attention to details. We like details, especially finite details. ;o) D In the kingdom of the blind, the one-eyed man is king. -Desiderius Erasmus -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:41 AM To: Exchange Discussions Subject: RE: Help please Yes my bad sorry. I do and I just received ios 6.0. maybe ill do that tonight. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:54 AM To: Exchange Discussions Subject: RE: Help please Ronald, the 16MB you see is for the flash memory, not the RAM. I just looked on their site. You should have at least 32MB of RAM in there. http://www.cisco.com/univercd/cc/td/doc/pcat/fw.htm D Ideas pull the trigger, but instinct loads the gun. -Don Marquis -Original Message- From: King, John [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:56 AM To: Exchange Discussions Subject: RE: Help please -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a Pix 515 that I run 6.1 on.. I thought they only shipper with 32mb as a minimum.. You should be able to download IOS versions with a valid cco, regardless of what PIX model you have.. ~John - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:28 AM To: Exchange Discussions Subject: RE: Help please Yes I have a cco login that's where it blocks me. Pix 515 Web site says that it comes with 16mb but 6.0 requires 32mb I really appreciate all the help. - -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:25 AM To: Exchange Discussions Subject: RE: Help please Which model of the PIX do you have? D Ideas pull the trigger, but instinct loads the gun. -Don Marquis - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:21 AM To: Exchange Discussions Subject: RE: Help please Version 5.3(5) - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:22 AM To: Exchange Discussions Subject: RE: Help please What version are you on now? - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:21 AM To: Exchange Discussions Subject: RE: Help please That doesnt make any sense. Download the file to a server running tftp. Tftp the image to your router? - -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS - -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt - -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication
RE: Help please
No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From
RE: Help please
One thing you might try is to take the proxy server out of the picture. Direct OWA straight to the PIX and see if that works. That will limit one point of failure. You can't take the PIX out of the picture, but if your problem still exists after taking proxy out of the middle, then you can start looking harder at your OWA server. You don't have any funky file or share level permissions on the OWA server do you? D BSD Skunks the Penguin - Roger Seilestad -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM
RE: Help please
I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008,+http://tahoe/exchange/USA/ 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) tahoe is the internal exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From
RE: Help please
Also... When you upgrade to 6.0 make sure you add the following lines: ip audit info action alarm ip audit attack action alarm no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable Thx. Murphy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:10 AM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll
RE: Help please
I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila. -Mitch Ratcliffe, Technology Review -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:57 AM To: Exchange Discussions Subject: RE: Help please When accessing the site this is what is in the proxy log 2001-12-18 15:51:12 63.17.150.119 - 172.16.1.1 80 GET /scripts/proxy/w3proxy.dll 038b0008
RE: Help please
The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63.x.x.x address the client address or what? What shows up in the logs when you try to pass authentication? D A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions
RE: Help please
Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server
RE: Help please
Had to install kiwi enterprise syslog. Did everythin stated but no info is logged to the syslog server -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:12 AM To: Exchange Discussions Subject: RE: Help please Logging is fairly straight forward. Telnet to device and add the following lines logging on logging timestamp logging trap errors logging history errors logging facility 7 logging host inside (internal_ip) Your logging host inside needs to be running compliant software. Complaint defined as listening on TCP Port 1468 and UDP 514. I can recommend the PIX Firewall Syslog Server. Download from Cisco Website. Install on a local machine. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server or a pix f/w http is http is http. period. On your OWA server diasble any other authentication but Basic. If I remember correctly internaly users can access OWA, yes ? /Peter - Original
RE: Help please
Conduit commands are not recommended or supported in 6.0 and above. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:28 AM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:08 AM To: Exchange Discussions Subject: RE: Help please Is the 63
RE: Help please
Upgrade to 6.0 first. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:32 AM To: Exchange Discussions Subject: RE: Help please Had to install kiwi enterprise syslog. Did everythin stated but no info is logged to the syslog server -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:12 AM To: Exchange Discussions Subject: RE: Help please Logging is fairly straight forward. Telnet to device and add the following lines logging on logging timestamp logging trap errors logging history errors logging facility 7 logging host inside (internal_ip) Your logging host inside needs to be running compliant software. Complaint defined as listening on TCP Port 1468 and UDP 514. I can recommend the PIX Firewall Syslog Server. Download from Cisco Website. Install on a local machine. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:45 AM To: Exchange Discussions Subject: RE: Help please OK, let us know what you find. D DOS 6: Because there aren't enough problems in the world already. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:37 AM To: Exchange Discussions Subject: RE: Help please I will have to call cisco as per starting logs. I am not that secure enough about the proper way of turning the loggin up. As for proxy I am attempting that now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:37 AM To: Exchange Discussions Subject: RE: Help please That's why I wanted you to check the logs on both Proxy and the PIX. Somewhere there's something not passing traffic correctly... D Overconfidence: Before you attempt to beat the odds, be sure you can survive the odds beating you. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:31 AM To: Exchange Discussions Subject: RE: Help please Its funny. I can not redirect and websites to internal servers. I am beginning to think this is a proxy problem. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:18 AM To: Exchange Discussions Subject: RE: Help please Router??? I thought you said you have a PIX. They have much more than 16MB, well, not much more, but at least 32MB. D Arrogance: The Best Leaders Inspire by Example. When that's not an option, brute intimidation works pretty well too. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 7:13 AM To: Exchange Discussions Subject: RE: Help please Can't upgrade to 6.0. cisco will not allow me to dl it as I only have 16mb in my router. Also, tom I have verified that information. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:11 AM To: Exchange Discussions Subject: RE: Help please Upgrade to 6.0 IOS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 9:07 PM To: Exchange Discussions Subject: RE: Help please I can't recall some great examples off hand, but I remember a time where the PIX would to funny things to the network traffic as it passed in either direction. Tended to time things out and make stuff not work. D The true test of character is not how much we know how to do, but how we behave when we don't know what to do. -John Holt -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:26 PM To: Exchange Discussions Subject: Re: Help please Don, I'm not too familiar with PIX but I know the problem with esmtp and pix , but never heard of any with http. Ronald, The easiet way to make sure is not the pix, connect your laptop to the segment bethwin the pix and your proxy and try to connect to OWA. If it is working, call Ci$co. /Peter - Original Message - From: Don Ely [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 9:06 PM Subject: RE: Help please That's another theory too... However, on the PIX there are some strange occurrences that would not pass some HTTP traffic correctly. Not always, but I've seen it. D Ignorance: It's amazing how much easier it is for a team to work together when no one has any idea where they're going. - - http://www.despair.com -Original Message- From: Peter Szabo [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 6:06 PM To: Exchange Discussions Subject: Re: Help please Ronald, If your external address for your owa is tahoe.ss-pca.com/exchange then you have an authentication problem on your OWA server, nothing to do with your proxy or PIX. for a proxy server
RE: Help please
That's right, I forgot about that. Haven't had to work on one in a few months... D All progress occurs because people dare to be different. -Harry Millner -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:40 AM To: Exchange Discussions Subject: RE: Help please Conduit commands are not recommended or supported in 6.0 and above. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:28 AM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site
RE: Help please
One more thing. Before you upgrade to 6.0 make sure you have a copy of your original config. Hopefully you have something like Reflections (vs M$ telnet). Next type: show config (enable mode) Copy and paste the config to a text file for future reference. Some of the command sets are obsolete in the 6.0 from that older version. We will need to rebuild your config from scratch. No problemo. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:36 AM To: Exchange Discussions Subject: RE: Help please That's right, I forgot about that. Haven't had to work on one in a few months... D All progress occurs because people dare to be different. -Harry Millner -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:40 AM To: Exchange Discussions Subject: RE: Help please Conduit commands are not recommended or supported in 6.0 and above. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:28 AM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address
RE: Help please
Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto
RE: Help please
You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address
RE: Help please
Time to crank out the check book and get you some IP's Jeffrey R. Waters Senior Systems Engineer Information Technology, Hanover County -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:52 PM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route
RE: Help please
Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping
RE: Help please
Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message
RE: Help please
The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday
RE: Help please
1 ip was all uunet would give us at the time so I was told. I just contacted them about it and they are a pain in the arse to get ip's from apparently. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:28 PM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix are the prob not the exchange server. Yes that ip is a dialup client -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday
RE: Help please
This is the only thing the syslog server got .226 looks like a vpn addy. Outside I have no idea. 12-18-2001 12:45:03News.Error 172.16.1.2 Dec 18 2001 09:57:13: %PIX-3-305006: regular translation creation failed for udp src inside:192.168.5.226/1350 dst outside:24.3.196.33/53 -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:28 PM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:12 AM To: Exchange Discussions Subject: RE: Help please That's all I see in the log for that access point. Although I just set up another internal web site to try redirection with and I get the same problem so I would guess that the proxy or pix
RE: Help please
Hmmm... I've never had a problem. Tell all you need at least is a /29 which would give you five IP's. Either way, more IP's will increase the performance of your network. I'd be willing to be you're running PAT versus NAT and the performance of PAT is shall I say... Sub-standard. Check out this site here if you're not well versed in IP blocks... http://www.stanford.edu/group/networking/netdb/help/html/hlpas.html D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:27 AM To: Exchange Discussions Subject: RE: Help please 1 ip was all uunet would give us at the time so I was told. I just contacted them about it and they are a pain in the arse to get ip's from apparently. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:28 PM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX
RE: Help please
What is that 192.x.x.x address for? D There are seldom good technological solutions to behavioral problems. - Ed Crowley -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:30 AM To: Exchange Discussions Subject: RE: Help please This is the only thing the syslog server got .226 looks like a vpn addy. Outside I have no idea. 12-18-2001 12:45:03News.Error 172.16.1.2 Dec 18 2001 09:57:13: %PIX-3-305006: regular translation creation failed for udp src inside:192.168.5.226/1350 dst outside:24.3.196.33/53 -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:28 PM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:36 AM To: Exchange Discussions Subject: RE: Help please Sh xlate returns Global 208.253.38.123 local 172.16.1.1 static -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:26 AM To: Exchange Discussions Subject: RE: Help please Nope, if that is the address of the PIX, it won't work. Do a sh xlate at the prompt on the PIX. You should have a statically defined Pub address that points to your priv address. D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 8:23 AM To: Exchange Discussions Subject: RE: Help please I have an inside outside mapping from that ip to the public ip 208.253.38.123 which is the outside ip of the pix -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:20 AM To: Exchange Discussions Subject: RE: Help please I think I've got it! What there should be an address translation from the 172.16.1.1 (private address) to a Public address. You're trying to route a non-routable address to the outside. I don't know about proxy, but the PIX is telling you to fsck off. That 172 address HAS to be routed to a routable IP address! D Those who deny freedom to others deserve it not for themselves. -Abraham Lincoln -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED
RE: Help please
You need to get additional IP addresses. You need one IP bound to the external interface as your PAT Address only. You need additional IP's for services with duplicate ports running on different servers. Or, you can do something sneaky like setup your owa site on a different http port like 100 or 90 then use the static commands to send port 100 or 90 traffic to the internal system. Then, just have your users append a :90 to the end of the url. Pretty simple idea but effective. I do find it strange that UUNet only supplied one IP addresses although this seems to be the direction were headed until implementation of IPv6. Is this a 3 port Pix 515? Running in a DMZ config. That would account for the two private IP networks. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:43 PM To: Exchange Discussions Subject: RE: Help please Ahhh So you have wo different private IP schema's on your network? Are they aware of each other? D Cluelessness: There are no stupid questions, but there are a LOT of inquisitive idiots. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:38 AM To: Exchange Discussions Subject: RE: Help please Vpn dhcp ip for RAS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:38 PM To: Exchange Discussions Subject: RE: Help please What is that 192.x.x.x address for? D There are seldom good technological solutions to behavioral problems. - Ed Crowley -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:30 AM To: Exchange Discussions Subject: RE: Help please This is the only thing the syslog server got .226 looks like a vpn addy. Outside I have no idea. 12-18-2001 12:45:03News.Error 172.16.1.2 Dec 18 2001 09:57:13: %PIX-3-305006: regular translation creation failed for udp src inside:192.168.5.226/1350 dst outside:24.3.196.33/53 -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:28 PM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange Discussions Subject: RE: Help please Ok, so that address is only assigned to the OWA server? Is there anything else in the proxy logs that might turn something up? Proxy and the PIX are dropping the return path or something. Does the user account ever get locked out with the bad login attempts? D May you have the foresight to know where you're going, the hindsight to know where you've been, and the insight to know when you've gone too far. -Irish Toast -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18
RE: Help please
I am going to look for info right now on the port change for owa. My 1 problem is if I add a statement static inside outside with port 90 will that interfere with my other statement that maps everything to my proxy server. It is DMZ capable BUT not set up. Here is a quick and dirty diag of the set up Router Pix Proxy --- internal network containing exchange Between the inside of the pix and the outside of the proxy is the 172.16.1.0 net and the internal network is 192.168.0.0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:57 PM To: Exchange Discussions Subject: RE: Help please You need to get additional IP addresses. You need one IP bound to the external interface as your PAT Address only. You need additional IP's for services with duplicate ports running on different servers. Or, you can do something sneaky like setup your owa site on a different http port like 100 or 90 then use the static commands to send port 100 or 90 traffic to the internal system. Then, just have your users append a :90 to the end of the url. Pretty simple idea but effective. I do find it strange that UUNet only supplied one IP addresses although this seems to be the direction were headed until implementation of IPv6. Is this a 3 port Pix 515? Running in a DMZ config. That would account for the two private IP networks. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:43 PM To: Exchange Discussions Subject: RE: Help please Ahhh So you have wo different private IP schema's on your network? Are they aware of each other? D Cluelessness: There are no stupid questions, but there are a LOT of inquisitive idiots. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:38 AM To: Exchange Discussions Subject: RE: Help please Vpn dhcp ip for RAS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:38 PM To: Exchange Discussions Subject: RE: Help please What is that 192.x.x.x address for? D There are seldom good technological solutions to behavioral problems. - Ed Crowley -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:30 AM To: Exchange Discussions Subject: RE: Help please This is the only thing the syslog server got .226 looks like a vpn addy. Outside I have no idea. 12-18-2001 12:45:03News.Error 172.16.1.2 Dec 18 2001 09:57:13: %PIX-3-305006: regular translation creation failed for udp src inside:192.168.5.226/1350 dst outside:24.3.196.33/53 -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:28 PM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now
RE: Help please
Yeah. You just need to bind your owa server to port 90 or 100 and set your static command to route port 90 or 100 to the internal IP address 192.168.0.0. The proxy server redirect does not add any additional security to your existing config and just adds an additional hop. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:08 PM To: Exchange Discussions Subject: RE: Help please I am going to look for info right now on the port change for owa. My 1 problem is if I add a statement static inside outside with port 90 will that interfere with my other statement that maps everything to my proxy server. It is DMZ capable BUT not set up. Here is a quick and dirty diag of the set up Router Pix Proxy --- internal network containing exchange Between the inside of the pix and the outside of the proxy is the 172.16.1.0 net and the internal network is 192.168.0.0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:57 PM To: Exchange Discussions Subject: RE: Help please You need to get additional IP addresses. You need one IP bound to the external interface as your PAT Address only. You need additional IP's for services with duplicate ports running on different servers. Or, you can do something sneaky like setup your owa site on a different http port like 100 or 90 then use the static commands to send port 100 or 90 traffic to the internal system. Then, just have your users append a :90 to the end of the url. Pretty simple idea but effective. I do find it strange that UUNet only supplied one IP addresses although this seems to be the direction were headed until implementation of IPv6. Is this a 3 port Pix 515? Running in a DMZ config. That would account for the two private IP networks. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:43 PM To: Exchange Discussions Subject: RE: Help please Ahhh So you have wo different private IP schema's on your network? Are they aware of each other? D Cluelessness: There are no stupid questions, but there are a LOT of inquisitive idiots. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:38 AM To: Exchange Discussions Subject: RE: Help please Vpn dhcp ip for RAS -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:38 PM To: Exchange Discussions Subject: RE: Help please What is that 192.x.x.x address for? D There are seldom good technological solutions to behavioral problems. - Ed Crowley -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:30 AM To: Exchange Discussions Subject: RE: Help please This is the only thing the syslog server got .226 looks like a vpn addy. Outside I have no idea. 12-18-2001 12:45:03News.Error 172.16.1.2 Dec 18 2001 09:57:13: %PIX-3-305006: regular translation creation failed for udp src inside:192.168.5.226/1350 dst outside:24.3.196.33/53 -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:28 PM To: Exchange Discussions Subject: RE: Help please The tcp and www statement should be in a conduit permit statement... 1 IP address??? Might I ask why? D Mistakes: It could be that the purpose of your life is only to serve as a warning to others. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my
RE: Help please
Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help please No lockout That ip is the only ip associated with the proxy. All incoming requests go to it first. That's all the proxy logs seem to have regarding that connection. Im setting up the pix syslog serve now. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:51 AM To: Exchange
RE: Help please
Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit (or static) command for your internal server (proxy) static (inside,outside) tcp (external_ip) www (internal_ip) www netmask 255.255.255.255 Simply change the internal_ip to your owa server so that we can RULE out the proxy server. Make sure you do a write mem then retest. However, make sure your followed my previous advise on the host headers and ip info. Thx. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:56 AM To: Exchange Discussions Subject: RE: Help
RE: Help please
And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind a proxy server but this is not the case. I'm assuming your using some type of access-list entry like: access-list 100 permit tcp any host (external_ip) eq www and then a corresponding conduit
RE: Help please
Just partial to google. Try and see. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 2:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different then directly forwarding the port 80 packets to your internal owa server. I only say this because your behind the PIX firewall. I could understand if you were behind
RE: Help please
I use google all the time unless I already know where I need to look and what to look for. Since most every answer I have ever needed about an MS product is in their knowledge base, I'll go there. Especially, with their new Xpish search area... D Delusions: There is no joy greater than soaring high on the wings of your dreams, except maybe the joy of watching a dreamer who has nowhere to land but in the ocean of reality. - - http://www.despair.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:31 PM To: Exchange Discussions Subject: RE: Help please Just partial to google. Try and see. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 2:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible
RE: Help please
Alrighty guys I have added a dns entry and an ip address for the owa. Also I added port 90 to the existing exchange owa server. Did the static commands. All left now is to wait for it to propagate and we'll see. This will still work right even though the outside ip static maps to the inside imp through another subnet. I would assume the proxy will just pass it along. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions
RE: Help please
Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:10 PM To: Exchange Discussions Subject: RE: Help please I'm not sure I see the relevance of forwarding the ip packets to the proxy then to the internal server. Your not accomplishing anything different
RE: Help please
You cannot ping through a pix. You would have to add a ICMP any any to your ACL. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM To: Exchange Discussions Subject: RE: Help please I don't think I can take the proxy out of the picture I only have 1 ip I can use and it's the pix ip. Is it possible to map that ip in and out along with the other statement. Your last statement was correct BUT there is no tcp or www in my static statement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL
RE: Help please
Not even when im using the pix itself to ping? I can ping the proxy that is on the same net as the pix. Prob cant ping through the proxy though huh. Do I need a route entry ie Route add inside 192.168.5.0 255.255.255.0 172.16.1.1 1 Internalproxy external -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 4:17 PM To: Exchange Discussions Subject: RE: Help please You cannot ping through a pix. You would have to add a ICMP any any to your ACL. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original
RE: Help please
Yeah. I specifically stated not to map to your proxy first. Send straight to the 192.168.x.x of the OWA Box. ALso, you need to modify a few things on this box. This box should have one nic. I'm assuming the pix is connected to your lan. The OWA box needs to point to the pix as it's default gateway. Assign the DNS from your ISP to the OWA Box. Use static routes for local routing issues. If you perform these steps as I'm telling you then it will work. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255 static (inside,outside) tcp (external_ip) ftp (internal_ip2) ftp netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 443 (internal_ip1) 443 netmask 255.255.255.255 static (inside,outside) tcp (external_ip) 90 (internal_ip3) 90 netmask 255.255.255.255 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 11:14 AM
RE: Help please
I think we are missing something. There is no possible way to not go through proxy. Hes is the only box that sees pix. Direct cable from pix internal to proxy external Proxy --Pix --router/internet -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 4:22 PM To: Exchange Discussions Subject: RE: Help please Yeah. I specifically stated not to map to your proxy first. Send straight to the 192.168.x.x of the OWA Box. ALso, you need to modify a few things on this box. This box should have one nic. I'm assuming the pix is connected to your lan. The OWA box needs to point to the pix as it's default gateway. Assign the DNS from your ISP to the OWA Box. Use static routes for local routing issues. If you perform these steps as I'm telling you then it will work. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address to redirect different ports to different servers. For example: Using one IP you can setup several different redirects static (inside,outside) tcp (external_ip) www (internal_ip1) www netmask 255.255.255.255
RE: Help please
It sounds like your PIX is configured wrong. Your proxy is configured wrong for this config too. The center point in this equation should be your PIX. It does not sound like your using the DMZ so use the following strategy. Your Proxy is currently multihomed. Disable the external interface (I'm assuming your using W2k). Your probably using the proxy to control internet access only. Dunno, you tell me. No reason to cache so turn that feature off. If your filtering ports you can turn that off too. One network card that has the PIX as the default gateway and dns supplied by your ISP. Make sure the PIX is connected to your LAN (192.168.x.x). Make the modifications as stated above and previous email to your owa and proxy server. You should not be able to ping from the pix to your servers assuming you have setup your route entries correctly on the PIX: EXAMPLE: Typical config route outside 0.0.0.0 0.0.0.0 (ISP_Gateway) 1 (Default Route for Outside Interface) The Internal interface knows to send 192.168.0.0 stuff to this network assuming you assigned a 192.168.0.0 address to the internal interface. Has this been done? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:22 PM To: Exchange Discussions Subject: RE: Help please Yeah. I specifically stated not to map to your proxy first. Send straight to the 192.168.x.x of the OWA Box. ALso, you need to modify a few things on this box. This box should have one nic. I'm assuming the pix is connected to your lan. The OWA box needs to point to the pix as it's default gateway. Assign the DNS from your ISP to the OWA Box. Use static routes for local routing issues. If you perform these steps as I'm telling you then it will work. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part
RE: Help please
That's a problem. Read previous mail. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please I think we are missing something. There is no possible way to not go through proxy. Hes is the only box that sees pix. Direct cable from pix internal to proxy external Proxy --Pix --router/internet -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 4:22 PM To: Exchange Discussions Subject: RE: Help please Yeah. I specifically stated not to map to your proxy first. Send straight to the 192.168.x.x of the OWA Box. ALso, you need to modify a few things on this box. This box should have one nic. I'm assuming the pix is connected to your lan. The OWA box needs to point to the pix as it's default gateway. Assign the DNS from your ISP to the OWA Box. Use static routes for local routing issues. If you perform these steps as I'm telling you then it will work. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 9:52 AM To: Exchange Discussions Subject: RE: Help please Ahhh but the problem here is that I have web applications on 1 web server and some on another. If I redirect them to the exchange server my other sites will go down. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:39 PM To: Exchange Discussions Subject: RE: Help please Yes. Using the static commands. I would not use conduit commands in 6.0 IOS. Use a static command like I described below. This way you can use 1 IP address
RE: Help please
Your making this harder then it needs to be. The PIX is your Firewall...not the proxy. Proxy is basically being used to Authenticate Internet Access to internal users. Your Proxy, Exchange Server, and OWA server, etc should be pointing directly to your PIX Firewall. The PIX Firewall should be connected to the LAN and Internet... You have options for DMZ zone but that is irrelevant. Access to your internal systems using the port redirection remains the same whether your using dmz zone or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:29 PM To: Exchange Discussions Subject: RE: Help please That's a problem. Read previous mail. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please I think we are missing something. There is no possible way to not go through proxy. Hes is the only box that sees pix. Direct cable from pix internal to proxy external Proxy --Pix --router/internet -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 4:22 PM To: Exchange Discussions Subject: RE: Help please Yeah. I specifically stated not to map to your proxy first. Send straight to the 192.168.x.x of the OWA Box. ALso, you need to modify a few things on this box. This box should have one nic. I'm assuming the pix is connected to your lan. The OWA box needs to point to the pix as it's default gateway. Assign the DNS from your ISP to the OWA Box. Use static routes for local routing issues. If you perform these steps as I'm telling you then it will work. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:03 PM To: Exchange Discussions Subject: RE: Help please You need more IP addresses. You're trying to do waay too much with waaay too little. D The most satisfying thing in life is to have been able to give a large part of one's self to others. -Pierre Teilhard de Chardin
RE: Help please
VBG I've given up. I feel like charging him now. What he really needs is a consultant. ;o) D Get all over this like a donkey on a waffle. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:33 PM To: Exchange Discussions Subject: RE: Help please Your making this harder then it needs to be. The PIX is your Firewall...not the proxy. Proxy is basically being used to Authenticate Internet Access to internal users. Your Proxy, Exchange Server, and OWA server, etc should be pointing directly to your PIX Firewall. The PIX Firewall should be connected to the LAN and Internet... You have options for DMZ zone but that is irrelevant. Access to your internal systems using the port redirection remains the same whether your using dmz zone or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:29 PM To: Exchange Discussions Subject: RE: Help please That's a problem. Read previous mail. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please I think we are missing something. There is no possible way to not go through proxy. Hes is the only box that sees pix. Direct cable from pix internal to proxy external Proxy --Pix --router/internet -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 4:22 PM To: Exchange Discussions Subject: RE: Help please Yeah. I specifically stated not to map to your proxy first. Send straight to the 192.168.x.x of the OWA Box. ALso, you need to modify a few things on this box. This box should have one nic. I'm assuming the pix is connected to your lan. The OWA box needs to point to the pix as it's default gateway. Assign the DNS from your ISP to the OWA Box. Use static routes for local routing issues. If you perform these steps as I'm telling you then it will work. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:07 AM To: Exchange Discussions Subject: RE: Help please Yeah that's what I figured. Damn Hey I just noticed theres a bunch of fixup protocol commands in my config. Aren't there issues with those. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED
RE: Help please
mmm. proxy will not have to network cards just one huh. Ok that's something to think about. Pix goes straight to lan as an ip. Ok no big deal. But YES I am using proxy for access control and this is a must. Will this work in this situation. I don't know. Again I have to think about this. No the pix has no 192.168 ip associated with it. What about this though. Leave the proxy for access control and outgoing internet. Use the dmz interface to connect to the lan directly and re configure to have all mx and web sites go throught the dmz interface. Is this opening me up to the world though? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 4:29 PM To: Exchange Discussions Subject: RE: Help please It sounds like your PIX is configured wrong. Your proxy is configured wrong for this config too. The center point in this equation should be your PIX. It does not sound like your using the DMZ so use the following strategy. Your Proxy is currently multihomed. Disable the external interface (I'm assuming your using W2k). Your probably using the proxy to control internet access only. Dunno, you tell me. No reason to cache so turn that feature off. If your filtering ports you can turn that off too. One network card that has the PIX as the default gateway and dns supplied by your ISP. Make sure the PIX is connected to your LAN (192.168.x.x). Make the modifications as stated above and previous email to your owa and proxy server. You should not be able to ping from the pix to your servers assuming you have setup your route entries correctly on the PIX: EXAMPLE: Typical config route outside 0.0.0.0 0.0.0.0 (ISP_Gateway) 1 (Default Route for Outside Interface) The Internal interface knows to send 192.168.0.0 stuff to this network assuming you assigned a 192.168.0.0 address to the internal interface. Has this been done? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:22 PM To: Exchange Discussions Subject: RE: Help please Yeah. I specifically stated not to map to your proxy first. Send straight to the 192.168.x.x of the OWA Box. ALso, you need to modify a few things on this box. This box should have one nic. I'm assuming the pix is connected to your lan. The OWA box needs to point to the pix as it's default gateway. Assign the DNS from your ISP to the OWA Box. Use static routes for local routing issues. If you perform these steps as I'm telling you then it will work. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto
RE: Help please
No shit im sorry guys this has gotten way out of hand. I think I have a hundred directions to go off in. now I need to put in on paper and decide what the best way to go is. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 4:30 PM To: Exchange Discussions Subject: RE: Help please VBG I've given up. I feel like charging him now. What he really needs is a consultant. ;o) D Get all over this like a donkey on a waffle. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:33 PM To: Exchange Discussions Subject: RE: Help please Your making this harder then it needs to be. The PIX is your Firewall...not the proxy. Proxy is basically being used to Authenticate Internet Access to internal users. Your Proxy, Exchange Server, and OWA server, etc should be pointing directly to your PIX Firewall. The PIX Firewall should be connected to the LAN and Internet... You have options for DMZ zone but that is irrelevant. Access to your internal systems using the port redirection remains the same whether your using dmz zone or not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:29 PM To: Exchange Discussions Subject: RE: Help please That's a problem. Read previous mail. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please I think we are missing something. There is no possible way to not go through proxy. Hes is the only box that sees pix. Direct cable from pix internal to proxy external Proxy --Pix --router/internet -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 4:22 PM To: Exchange Discussions Subject: RE: Help please Yeah. I specifically stated not to map to your proxy first. Send straight to the 192.168.x.x of the OWA Box. ALso, you need to modify a few things on this box. This box should have one nic. I'm assuming the pix is connected to your lan. The OWA box needs to point to the pix as it's default gateway. Assign the DNS from your ISP to the OWA Box. Use static routes for local routing issues. If you perform these steps as I'm telling you then it will work. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:01 PM To: Exchange Discussions Subject: RE: Help please Well the solution I created is nto going to work. You can map inside out through the proxy to another net. It has no idea where to go.. figured this put because the pix can not ping the exchange server. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:20 PM To: Exchange Discussions Subject: RE: Help please And I would not use the M$ indicator... :P As to why you wouldn't search the MS Site, what are you talking about? One query, got three responses... I liked this one for his purpose if he disables ESMTP... http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q194131 D I only regret that I have but one life to lose for my country. -Nathan Hale -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 12:20 PM To: Exchange Discussions Subject: RE: Help please Keep the fixups and disable esmtp on the exchange server. There is a knowldedge base article on this. Use www.google.com to search for it. I would not use M$ search site. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:41 PM To: Exchange Discussions Subject: RE: Help please Ok guys heres a few developments. I already have 3 ips available I did not even know about. According to uunet that is. So now I just need to come up with a static map statement and re think how exchange is set up to retrieve mail and I should be in business. Tight now tahoe.sss-cpa.com dns points to the single ip address I was using. What I will need to do is change the mx record to point to my extra ip and static map it. Also the fixups in my config on the pix does include port 25 and 80 but when I do a no fixup on them and write t they return. Weird. Guys you have been a big help I owe you all one. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 1:13 PM To: Exchange Discussions Subject: RE: Help please The SMTP fixup is the most known problem. There are others that you may not need though... D The secret to success is - find out where the people are going and get there first. (Mark Twain) -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 10:14 AM To: Exchange Discussions Subject: RE: Help please Oh yea -Original Message- From: Ronald
RE: Help please
Can you log in via OWA on the internal network? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
check to see if they have logon locally rights -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:53 PM To: Exchange Discussions Subject: RE: Help please If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Yes I forgot to say if they do that internally it works Also I have open tcp and udp any any on the firewall to se if it was a port issue and it had the same result. Thanks so much guys. I'm almost ready to cal M$ but then, no one learns anything. -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:53 PM To: Exchange Discussions Subject: RE: Help please If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Authenticated users have log on locally. Domain users do not. -Original Message- From: Alex Tillett [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:00 PM To: Exchange Discussions Subject: RE: Help please check to see if they have logon locally rights -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:53 PM To: Exchange Discussions Subject: RE: Help please If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Who is M$? D Many a man's reputation would not know his character if they met on the street. -Elbert Hubbard -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 12:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Again I ask, who is this M$ you speak of? D Idiocy: Never underestimate the power of stupid people in large groups. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 1:00 PM To: Exchange Discussions Subject: RE: Help please Yes I forgot to say if they do that internally it works Also I have open tcp and udp any any on the firewall to se if it was a port issue and it had the same result. Thanks so much guys. I'm almost ready to cal M$ but then, no one learns anything. -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:53 PM To: Exchange Discussions Subject: RE: Help please If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
I believe it is a veiled reference to Microsoft. The $ is perhaps a subtle dig at the alleged wealth and influence this company has. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 December 2001 11:33 a.m. To: Exchange Discussions Subject: RE: Help please Again I ask, who is this M$ you speak of? D Idiocy: Never underestimate the power of stupid people in large groups. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 1:00 PM To: Exchange Discussions Subject: RE: Help please Yes I forgot to say if they do that internally it works Also I have open tcp and udp any any on the firewall to se if it was a port issue and it had the same result. Thanks so much guys. I'm almost ready to cal M$ but then, no one learns anything. -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:53 PM To: Exchange Discussions Subject: RE: Help please If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives
RE: Help please
I guess the fact that we make $ off of them as well is moot?? I make a good living on MS products. So I guess our employers could say the same. -Original Message- From: David Grimstone (DSLWN) [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:13 PM To: Exchange Discussions Subject: RE: Help please I believe it is a veiled reference to Microsoft. The $ is perhaps a subtle dig at the alleged wealth and influence this company has. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 December 2001 11:33 a.m. To: Exchange Discussions Subject: RE: Help please Again I ask, who is this M$ you speak of? D Idiocy: Never underestimate the power of stupid people in large groups. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 1:00 PM To: Exchange Discussions Subject: RE: Help please Yes I forgot to say if they do that internally it works Also I have open tcp and udp any any on the firewall to se if it was a port issue and it had the same result. Thanks so much guys. I'm almost ready to cal M$ but then, no one learns anything. -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:53 PM To: Exchange Discussions Subject: RE: Help please If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource
Re: Help please
David, We all know what M$ means. Don made a suble (at least he tried ;)) refference that we don't like that moniker here. /P - Original Message - From: David Grimstone (DSLWN) [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 17, 2001 6:13 PM Subject: RE: Help please I believe it is a veiled reference to Microsoft. The $ is perhaps a subtle dig at the alleged wealth and influence this company has. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 December 2001 11:33 a.m. To: Exchange Discussions Subject: RE: Help please Again I ask, who is this M$ you speak of? D Idiocy: Never underestimate the power of stupid people in large groups. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 1:00 PM To: Exchange Discussions Subject: RE: Help please Yes I forgot to say if they do that internally it works Also I have open tcp and udp any any on the firewall to se if it was a port issue and it had the same result. Thanks so much guys. I'm almost ready to cal M$ but then, no one learns anything. -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:53 PM To: Exchange Discussions Subject: RE: Help please If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED
RE: Help please
Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
Administrative share on the M:\ drive. Duh. ;) -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:33 PM To: Exchange Discussions Subject: RE: Help please Who is M$? D Many a man's reputation would not know his character if they met on the street. -Elbert Hubbard -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 12:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
You keep saying that while you collect your cushy little salary due to the fact that their products are the most widely used in the world. I don't think you want to have this discussion... D It's good to shut up sometimes. -Marcel Marceau -Original Message- From: David Grimstone (DSLWN) [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:13 PM To: Exchange Discussions Subject: RE: Help please I believe it is a veiled reference to Microsoft. The $ is perhaps a subtle dig at the alleged wealth and influence this company has. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 December 2001 11:33 a.m. To: Exchange Discussions Subject: RE: Help please Again I ask, who is this M$ you speak of? D Idiocy: Never underestimate the power of stupid people in large groups. - - http://www.despair.com -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 1:00 PM To: Exchange Discussions Subject: RE: Help please Yes I forgot to say if they do that internally it works Also I have open tcp and udp any any on the firewall to se if it was a port issue and it had the same result. Thanks so much guys. I'm almost ready to cal M$ but then, no one learns anything. -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:53 PM To: Exchange Discussions Subject: RE: Help please If they do http://server/exchange internally it works though? Chris -- Chris Scharff Senior Sales Engineer MessageOne If you can't measure, you can't manage! -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:54 PM To: Exchange Discussions Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED
RE: Help please
Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Help please
I think I said that I tried opening tcp and udp any any on the pix and it had no effect. I would believe this would eliminate the pix. -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 8:47 PM To: Exchange Discussions Subject: RE: Help please Have you turned up syslog on your PIX to watch the traffic? What do the logs say (both Proxy and the PIX)? My money says your issue resides in there. D It was when I found out I could make mistakes that I knew I was on to something. -Ornette Coleman -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 5:14 PM To: Exchange Discussions Subject: RE: Help please Yes that article has been followed to the letter. I apologize for the ms reference so could we get back to this. It is becoming increasingly frustrating. It SHOULD work. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 4:52 PM To: Exchange Discussions Subject: RE: Help please 1. Your MX record has no bearing on the issue - that's solely for mail routing. You need to worry about where your A record (or CNAME if that's how you're doing it) points. 2. I'm still kind of waiting for you to say that you've followed Q276388 to the letter. Whether OWA 5.5 works through proxy has nothing to do with whether OWA 2000 does; they are nowhere NEAR being the same product. -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Posted At: Monday, December 17, 2001 02:54 PM Posted To: MSExchange Mailing List Conversation: Help please Subject: RE: Help please Yeah sorry. My mx record is exchange.domain.com. when a user enters exchange.domain.com/exchange they hit the proxy. Proxy is set up to redirect any requests for this address to the internal exchange address. This is as per M$. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 3:56 PM To: Exchange Discussions Subject: RE: Help please Upgrade to version 6.0 IOS. Use the Static Port commands to redirect users to the internal OWA site instead of your Proxy Server first. This works even if your using a DMZ card. Also, can you clarify redirect my MX record exchange server address to the server? Also... How many valid static IP's to you have? Is your DNS hosted external or internal? When you upgraded did you change any of the static IP information? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 2:41 PM To: Exchange Discussions Subject: Help please I tried this on the exchange 2000 list and got very little information. I have a setup as follows: Pix Firewall--Proxy serv/IIS server--internal network containing exchange. We have had exchange 5.5 and OWA running in this config for some time. We have recently upgraded to Exchange2000 and are now having a problem connecting with owa 2000. When going to the owa site a login box comes up to log into exchange BUT it comes up three times then says access denied. I have the IIS/proxy web publishing set to redirect my MX record exchange server address to the server but can never log in. If anyone got ANY ideas I would greatly appreciate it. Ron _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives