No announcement yet.

can't access owa from external IP!

  • Filter
  • Time
  • Show
Clear All
new posts

  • can't access owa from external IP!

    I just install a new exchange 2003 on windows 2003 server, I find if I use internal IP ,I can access owa, but if I use the I can't access it .why? I have forward port 80 to already.
    can anyone help?

  • #2
    Re: can't access owa from external IP!

    What sort of router / firewall you using.

    I have this problem on my personal network. For some reason my Linksys router doesn't like traffic leaving my network destined for itself again and coming back in.

    Try it from a different external IP Address.

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: can't access owa from external IP!

      Sometimes it can be the most basic thing. I cannot ping the external address that you provided. Nor can I telnet to port 80. Did you accidentally turn on ICS/Windows Firewall?

      I assume that you used a NAT route to get to your server. Even though you forwarded port 80 to your Exchange server it may not be getting traffic through. Is the firewall configured to allow port 80 traffic? Some hardware must be configured in both places to work, i.e. port forwarding and allowing the incoming traffic on that port.

      On a side note, you may want to consider purchasing an SSL certificate to run with your OWA. This will encrypt your data, particularly your network logon password and any sensitive emails. You can get a decent certificate for less than $200/year.


      • #4
        Re: can't access owa from external IP!

        Most routers/firewalls that are using NAT will not allow you to come back on yourself. So if the external IP address is being used in NAT then it will not work from inside.

        The normal way round that is to not use IP addresses at all. Use a dns name instead - so as an example. You then configure your internal DNS to respond to requests for with the internal IP address and the external (public) dns to respond with your external IP address.
        This is known as split DNS.

        As already pointed out, you should probably use SSL, which fits in nicely with the dns I have outlined above as you can only get SSL certificates for host names, not IP addresses.
        If you need an SSL certificate, then GoDaddy do them for US$20, RapidSSL for US$70 - both per year charges.
        By using a commercial SSL certificate you avoid certificate alerts when users access the server. The same certificate can also be used for RPC over HTTPS if you decide to use that feature with your users as well.

        Simon Butler
        Exchange MVP

        More Exchange Content:
        Exchange Resources List:
        In the UK? Hire me:

        Sembee is a registered trademark, used here with permission.