AdoBeebo

Configure OWA behind 2 firewalls.

I'm trying to configure OWA on my domain.

Here's the setup:
Firewalled Modem at the front (Linksys AM200)
-Ports 25 and 443 forwarded to Router
Firewalled Router (Linksys WRVS4400N)
-Ports 25 and 443 forwarded to SBS 2003
SBS 2003

I have to have the devices set up in this order because the domain is in my home and there are non-domain wireless devices that need to use the router to get an internet connection. So moving the SBS server forward isn't an option. But I shouldn't think it needs to be.

My website is hosted with 1and1 and will continue with them. It is "www.mydomain.com". I have created a sub-domain and modified the DNS so that it points to my IP address which is called "vpn.mydomain.com".

I have configured OWA as the only webservice available on the SBS. When I browse to this address I get a gateway timeout error (504).

https://vpn.mydomain.com/exchange

I am not using ISA Server. I can browse to the site from the LAN. I cannot telnet from an external location to 443 or 25 using my IP address (might be related to my modem setup, I'm not on site to check this at time of writing). When I look in the settings for the "exchange" site in IIS I have SSL configured with 128-bit encryption.

These are some of my thoughts:

-Do I need to set up a host header for "exchange" so that it can detect an incoming request from the https://vpn.mydomain.com/exchange address, or should it get it automatically?
-Do I need to modify the address I am attempting to connect to so that it is https://SBS.vpn.mydomain.com/exchange? I keep seeing pointers to use FQDN on Google and wonder if that means I should include the hostname?

Any help, pointers, advice or other tests I should try will be greatly appreciated.
ASKER CERTIFIED SOLUTION
Rob Williams
>>"I have to have the devices set up in this order because the domain is in my home and there are non-domain wireless devices that need to use the router to get an internet connection."
Not sure I understand this. Couldn't the modem be put in bridge mode or the wireless unit be made an access point rather than a router? This would eliminate 1 routing hop.
AdoBeebo

ASKER

Hi, thanks for your comments. I'm planning on setting up a VPN from the router to another router of the same model at a remote site on Monday, so I might not be able to disable SSL VPN. It's a good point though, I hadn't considered it might be interfering with 443 traffic. I had already tried the modem in bridge mode last night before I read your comment, but the same result e.g. no OWA.

One of the wireless devices only works through DHCP but as a fudge I got it working through the WRVS4400N using an address reservation in the router config even though DHCP has been disabled. I'll try giving it an address reservation in SBS and dropping the router to AP mode. Then I might have to make the hard choice of VPN or OWA.

I won't be able to look into it until later tonight or tomorrow, but I'll keep you posted. Thanks again, I really appreciate your advice.
Very welcome, let us know how it goes.
Have you tried taking the WRVS4400N out of the picture just as a test to verify it is the problem?
Hi RobWill

I would have done that to test with, but I've inadvertently killed the server by disabling the POP3 Connector service. Let that be a warning to anyone casually browsing this page. Don't disable the POP3 Connector service. It seems to be *critical*. I've restored from a backup which is causing its own problems, and may rebuild it entirely over the next week. When I'm back up and running, I'll inevitably hit this problem again and I'll post my progress back here.

Cheers
AdoBeebo
Good luck with it AdoBeebo. Let us know how you make out.
--Rob