We help IT Professionals succeed at work.

Question on PIX506E

sbock asked
Last Modified: 2010-04-09
Is it possible to set the pix to do the following:

When a user goes to www.website.com/mail it goes to one server
When a user goes to www.website.com it goes to a different server?

In other words, my mail server is not on the same server as my website.  Is it possible to direct traffic by directory through a pix?
Watch Question


There's probably an HTTP redirect in place (in the web page / IIS server itself).
Look at the webpages in question - by going into IE > View > Source.
The PIX cannot direct traffic based on hostname.


My webserver is running Apache and i'm running exchange on a different server.  I'm trying to get OWA to work on my website, but i'm having problems.  I'm using ProxyPass and ProxyPassReverse in apache to forward all traffic that goes to /mail to OWA.  I can get a logon and password box, but then it dies.

I was just wondering if something like that is possible in a pix.  thanks.

This is not possible using just the PIX as the PIX can only "alias" using DNS names. To get this to work you can setup a HTTP redirect from your www.website.com/mail to an IP address or a second DNS name like mail.website.com which should point to an IIS virtual directory.

Also, while it is possible to get OWA working with Apache IIS is much more friendly when dealing with Exchange.


would this work with an internal IP address?  I have some extra public IPs left, but as of right now, my exchange server only has internal ip address.  Is it possible to HTTP redirect to an internal ip address?

No, and you should not send OWA directly to your backend Exchange server, it is recommended to HTTPS for OWA anyway do you have SSL on your server already? If not you can create a new IIS website that listens on port 443 open 443 on your firewall you will then be able to access the site using http://www.website.com/mail which will redirect to https://IPADDRESS OF YOUR SERVER or new DNS name that points to the same IP as www.website.com.

If you are using port 443 attached to the IP address of your current webserver already then you should add an external IP to the webserver assign a new website in IIS to that IP address install the Excahange OWA virtual directory onto IIS and now you can redirect to the new site.

> Is it possible to HTTP redirect to an internal ip address?

Something like this would do the trick:

alias (inside)
static(inside,outside) netmask
access-list 101 permit tcp any host eq www
access-group 101 in interface outside

This would make your internal IP address ( visible as on your external interface, and allow only port www in.
The alias command will allow internal clients to access, rather than the internal IP address.

Is this what you're after ?


Thanks for all of the replys.  How would you do something like this.....

I have an IIS server.  If i create one server, to listen on 443 and another server on 80.  How do i go about setting the access in my pix?  I would like people to get to OWA, but i don't want them to be able to go anywhere else.
This one is on us!
(Get your first solution completely free - no credit card required)


ok.  Thanks for the help.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.