OWA not reachable from outside on the Internet

I have setup my OWA server on the inside with a FE and BE.  However from the outside I have a Public IP address and when I go to that nothing comes up.  I have in my checkpoint FW nated the public IP address to the FE server internal NIC.  That way when someone goes to the Public IP address for OWA they will be routed to the internal NIC.  

Just to let you know that I have the necessary ports turned on, I'm allowing port 25 from the outside fW and my FE is in the DMZ.  From the DMZ to my internal network where my BE server is I'm allowing ports 25, 80, 52, 3268, POP3, 389, and a host of others.  So I dont know why I cant get to my OWA from the outside.  Also I tried to type http:// server IP address  and still nothing.

Please help...

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Just checking, you are allowing port 80 from Outside to the DMZ right?  Also, I would recommend SSL for OWA (port 443).  Does OWA work from the internal LAN?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
spurlockbAuthor Commented:
Yes OWA does work from the internal lan.  AS for port 80 from outside to the dmz, the test that I ran tonight was telneting on port 25 to the public ip address and i could get in.  But then again thats how mail comes in thru port 25.  So then I tried telneting to port 80 and was not able to get from the interent to the public ip address.  But then again i'm not sure if you are suppose to be able to get to port 80 of an FE from the internet.  So to answer the question I was not able to telnet to port 80 from the internet to the public IP address.
Hi spurlockb,

Getzie is right about the ports that need opening.  
Port 25 is SMTP - that's used for transferring emails between email systems.  For OWA you will need ports TCP/80 (HTTP) and TCP/443 (HTTPS) to be port forwarded to your FE server.

Make sure that you IIS configuration allows connections from all IP addresses.  Do this in IIS Manager, Exchange virtual server, properties, Directory security, IP address...

There's a very handy tutorial on this at http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html

I suggest that you check the above, and if it doesn't work, please let us know exactly what happens when you try to access the page.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

spurlockbAuthor Commented:
Should I be able to telnet to port 80 just like i was to port 25?
spurlockbAuthor Commented:
What are some test that I can do on the inside of my network to confirm that OWA is working?  Meaning what can I do to make sure that exchange FE is accepting http and smtp?  Because then I can atleast say that my internal stuff is working and then I could start looking at the firewall.

> Should I be able to telnet to port 80 just like i was to port 25?
Yes, but you need to tell it do do something:

telnet <servername> 80

(couple of returns at the end)  You should get a load of HTML, and hopefully not an error message :-)

As for internal tests - you said that you were able to access OWA internally, and that you've telnetted to port 25 from the external address.   They're the most conclusive tests in this case.

I think it's either a firewall/router problem or an issue with your IIS config.  Can you check these?
spurlockbAuthor Commented:
I will check with the firewall and router, besides that what can  I do on IIS to make sure that its not something I setup wrong.  Dont get me wrong I'm not trying to rule out the FW and router I just want to make sure 99.9 % thats its something that I didnt do.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.