sbock
asked on
Question on PIX506E
Is it possible to set the pix to do the following:
When a user goes to www.website.com/mail it goes to one server
When a user goes to www.website.com it goes to a different server?
In other words, my mail server is not on the same server as my website. Is it possible to direct traffic by directory through a pix?
When a user goes to www.website.com/mail it goes to one server
When a user goes to www.website.com it goes to a different server?
In other words, my mail server is not on the same server as my website. Is it possible to direct traffic by directory through a pix?
ASKER
My webserver is running Apache and i'm running exchange on a different server. I'm trying to get OWA to work on my website, but i'm having problems. I'm using ProxyPass and ProxyPassReverse in apache to forward all traffic that goes to /mail to OWA. I can get a logon and password box, but then it dies.
I was just wondering if something like that is possible in a pix. thanks.
I was just wondering if something like that is possible in a pix. thanks.
This is not possible using just the PIX as the PIX can only "alias" using DNS names. To get this to work you can setup a HTTP redirect from your www.website.com/mail to an IP address or a second DNS name like mail.website.com which should point to an IIS virtual directory.
Also, while it is possible to get OWA working with Apache IIS is much more friendly when dealing with Exchange.
Also, while it is possible to get OWA working with Apache IIS is much more friendly when dealing with Exchange.
ASKER
would this work with an internal IP address? I have some extra public IPs left, but as of right now, my exchange server only has internal ip address. Is it possible to HTTP redirect to an internal ip address?
No, and you should not send OWA directly to your backend Exchange server, it is recommended to HTTPS for OWA anyway do you have SSL on your server already? If not you can create a new IIS website that listens on port 443 open 443 on your firewall you will then be able to access the site using http://www.website.com/mail which will redirect to https://IPADDRESS OF YOUR SERVER or new DNS name that points to the same IP as www.website.com.
If you are using port 443 attached to the IP address of your current webserver already then you should add an external IP to the webserver assign a new website in IIS to that IP address install the Excahange OWA virtual directory onto IIS and now you can redirect to the new site.
If you are using port 443 attached to the IP address of your current webserver already then you should add an external IP to the webserver assign a new website in IIS to that IP address install the Excahange OWA virtual directory onto IIS and now you can redirect to the new site.
> Is it possible to HTTP redirect to an internal ip address?
Something like this would do the trick:
alias (inside) 192.168.0.49 80.227.104.242 255.255.255.255
static(inside,outside) 80.227.104.242 192.168.0.49 netmask 255.255.255.255
access-list 101 permit tcp any host 80.227.104.242 eq www
access-group 101 in interface outside
This would make your internal IP address (192.168.0.49) visible as 80.227.104.242 on your external interface, and allow only port www in.
The alias command will allow internal clients to access 80.227.104.242, rather than the internal IP address.
Is this what you're after ?
Something like this would do the trick:
alias (inside) 192.168.0.49 80.227.104.242 255.255.255.255
static(inside,outside) 80.227.104.242 192.168.0.49 netmask 255.255.255.255
access-list 101 permit tcp any host 80.227.104.242 eq www
access-group 101 in interface outside
This would make your internal IP address (192.168.0.49) visible as 80.227.104.242 on your external interface, and allow only port www in.
The alias command will allow internal clients to access 80.227.104.242, rather than the internal IP address.
Is this what you're after ?
ASKER
Thanks for all of the replys. How would you do something like this.....
I have an IIS server. If i create one server, to listen on 443 and another server on 80. How do i go about setting the access in my pix? I would like people to get to OWA, but i don't want them to be able to go anywhere else.
I have an IIS server. If i create one server, to listen on 443 and another server on 80. How do i go about setting the access in my pix? I would like people to get to OWA, but i don't want them to be able to go anywhere else.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok. Thanks for the help.
Look at the webpages in question - by going into IE > View > Source.
The PIX cannot direct traffic based on hostname.