access to OWA DMZ
  • access to OWA DMZ

    Wasn't sure whether to place this in DNS or on here.

    We've enabled https access to OWA externally which is fine and is working for webmail.ourdomain.org

    I can access this internally using https://webmail/owa/exchange again this is fine.

    Having configured a rule on the firewall and connected to a specific wireless and permitted http, browsing is ok. The problem is, the units are configured with webmail.ourdomain.org so I suspect this is trying to route externally.

    Is there something I could add to DNS to sort this?

    Thanks

  • #2
    Re: access to OWA DMZ

    If I understand correctly, are you saying internally your users are resolving the external IP for your OWA and failing to connect to it?

    If so you can use split DNS to allow internal users to resolve the internal IP for the OWA server(s). This means you set up a new zone either for all records (which can have some impact) or just the OWA record.

    Try creating a new zone for "webmail.ourdomain.org" on your internal DNS then create an A record with nothing in the alias name box (i.e. it uses the parent domain name which is webmail.etcetc) and the IP of your internal OWA server.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?
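
The pinpoint zone described in this reply, scripted with the Windows DnsServer PowerShell module (an added example, not part of the original post). The internal IP and DNS server name are placeholders and an AD-integrated DNS server is assumed; the last step checks that the internal server presents a certificate valid for the external name.

```powershell
# Added example. $InternalIp and $DnsServer are placeholders, not values from the thread.
$ZoneName   = 'webmail.ourdomain.org'  # name the devices are configured with
$InternalIp = '192.0.2.10'             # placeholder: internal OWA server IP
$DnsServer  = 'localhost'              # placeholder: internal DNS server (AD-integrated assumed)

# 1. Pinpoint zone: the internal DNS becomes authoritative for this one name only,
#    so every other ourdomain.org record keeps resolving through the public zone.
$zone = Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' `
        -DynamicUpdate 'None' -ComputerName $DnsServer
}

# 2. A record at the zone apex ('@' is the "blank name / same as parent" record).
$apex = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType A `
    -ComputerName $DnsServer -ErrorAction SilentlyContinue
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' `
        -IPv4Address $InternalIp -ComputerName $DnsServer
}

# 3. Confirm the internal resolver now answers with the internal address.
$resolved = (Resolve-DnsName -Name $ZoneName -Type A -Server $DnsServer -DnsOnly |
    Where-Object { $_.Type -eq 'A' }).IPAddress
if ($resolved -notcontains $InternalIp) {
    throw "Expected $InternalIp for $ZoneName, got: $($resolved -join ', ')"
}

# 4. TLS handshake against the internal IP using the external name. Default
#    validation throws if the certificate is untrusted or does not cover the name.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($InternalIp, 443)
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $tcp.GetStream(), $false
    $ssl.AuthenticateAsClient($ZoneName)
    "Certificate accepted for ${ZoneName}: $($ssl.RemoteCertificate.Subject)"
} finally {
    $tcp.Close()
}
```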



    • #3
      Re: access to OWA DMZ

      Andy,

      Only the users that have smartphones such as iPhones are having the issue.

      When working external to the office it's fine, as soon as their iPhone connects to the specific wireless (DMZ) at work, it no longer connects (http is fine).

      I'll give that a go and see what happens.

      Thanks

      PS - I take it I'll create this in the forwarding, and is a primary zone?
      Last edited by marcopolo; 8th January 2013, 13:05.



      • #4
        Re: access to OWA DMZ

        Maybe I should have mentioned it's the iPhone mail exchange account that we're having issues with since it refers to webmail.ourdomain.org (so not really OWA)



        • #5
          Re: access to OWA DMZ

          If they connect to the internal wireless then they are inside your firewall so when connecting to the external site they are now trying to go out and back in the same interface (if that makes sense).
          This is a new zone not forwarding. Right click forward lookup zones and create a new one with the full name. Do you know the internal IP for the OWA servers? Do they also have the certificate for your external name?
          Do your desktop clients access OWA ok internally?
          I assume by HTTP is ok you mean normal internet access is ok?
          cheers
          Andy



          • #6
            Re: access to OWA DMZ

            Originally posted by AndyJG247:
            If they connect to the internal wireless then they are inside your firewall so when connecting to the external site they are now trying to go out and back in the same interface (if that makes sense).
            This is a new zone not forwarding. Right click forward lookup zones and create a new one with the full name. Do you know the internal IP for the OWA servers? Do they also have the certificate for your external name?
            Do your desktop clients access OWA ok internally?
            I assume by HTTP is ok you mean normal internet access is ok?

            I get that bit, that's what I thought the problem was because they would be trying to go out, then back in on the same interface.

            Ok, I'll set up and report back.

            Yep, know the IP. Our domain PCs are fine but they are not on the DMZ. I tried connecting a laptop to a DMZ wireless AP and then to OWA via the browser and could get to it via https://IP/owa/exchange

            Yes, http is fine



            • #7
              Re: access to OWA DMZ

              Cool, just wanted to make sure I was on the same page as you!
              Is it the same DNS in the DMZ as it is in the internal network? Don't suppose we can "ping" from the iPhone can we to see what address they are receiving? Either way my bet is they are receiving the external IP and are trying to go out and back in rather than DMZ just to inside network.
              cheers
              Andy



              • #8
                Re: access to OWA DMZ

                No worries fella, I was wanting to ensure that too.

                Yes, same DNS.

                Also checked the firewall rules and static routes and made sure I replicated one of our other DMZ wireless setups which permits access to our TS servers, permitting https, which from what I read is all you require for Exchange ActiveSync.

                Both get a similar IP and both get the same DNS, having checked ipconfig on laptop and connected wireless on iPhone/iPad.

                So they are getting a correct IP.

                Btw I haven't setup the DNS zone yet.

                Also the https://exchangeIP/owa/exchange works on a laptop but not on the iPhone/iPad in Safari
                Last edited by marcopolo; 8th January 2013, 16:38.



                • #9
                  Re: access to OWA DMZ

                  It's working now Andy. I think the mixture of double checking the rules/routes and your help on the DNS has done it.

                  Thanks very much.

                  Mark



                  • #10
                    Re: access to OWA DMZ

                    no worries
                    cheers
                    Andy
