Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Allow users to access OWA from LAN using same URL outside of WAN

Posted on 2008-10-22
3
583 Views
Last Modified: 2012-05-05
I have a newly setup OWA server.  It is encrypted using SSL 128-bit.  I would like my users to be able to connect to the OWA server using the same url from the intranet as they would using the internet.  For example they connect to:  https://mail.example.com/exchange from the internet;  however from our intranet they have to use the server's actuall name https://exampleserver/exchange.  This obviously generates a security warning that the certificiate doesn't match the website.  

Is this a DNS server configuration or do I need to allow some sort of intratraffic command to my CISCO ASA?
0
Comment
Question by:Zorniac
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 22775929
You can do it in one of two ways - the simplest is to create a DNS forward lookup zone on your internal DNS server
called example.com then create a host (a) record inside it called mail that points to your INTERNAL IP address - so mail.example.com resolved to the internal address without going through the firewall :)

to get your firewall to do it

With Newer Firewalls (PIX v7 upwards and Cisco ASA) your choice depends on....

"WHERE THE DNS SERVER IS THE CLIENTS ARE USING"

*****Option 1 (The DNS server that the client are using is outside (in the internet cloud) DNS Doctoring*****

Note: NOT Available for v6 or earlier firewalls

In this scenario you can use DNS Doctoring (Or rewriting) this is where the firewall monitors incoming DNS replied form a public DNS server, and if it sees your public IP address it changes it "In flight" to your private IP address.

For anyone familiar with the Static command you need a to write a Static the WRONG way round and put the word "dns"  on the end of the command.

Example

static (inside,outside) {Inside IP} {Outside IP} netmask 255.255.255.255 dns
e.g.
Static (inside,outside) 10.254.254.10 123.123.123.123 netmask 255.255.255.255 dns

*****Option 2 (The DNS server is internal or external) - Hair pinning*****

Note: NOT Available for v6 or earlier firewalls

Assuming you dont want to create in internal DNS zone (that would remove the processing overhead form the firewall and place it on a server) Then you can use Hair pinning. Essentially the firewall will "re-route" traffic destined to the public IP address back to its private address. Like DNS doctoring it uses a static command but without the DNS keyword. It also needs s a second command to enable "hair pinning"

example
static (inside,inside) {Outside IP} {Inside IP} netmask 255.255.255.255
same-security-traffic permit intra-interface
e.g.
static (inside,inside) 123.123.123.123 10.254.254.10 netmask 255.255.255.255
same-security-traffic permit intra-interface
0
 
LVL 1

Author Closing Comment

by:Zorniac
ID: 31508737
PeteLong- SWEET Answer man!!  Very quick response. Very detailed!  I tried the intra-interface approach but it didn't work for me.  Propably something on me... but hey the first and "simplest" answer you gave worked!!  Thanks dude you rock!  
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 22776427
Cheers M8 - my pleasure - have a good one
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn about cloud computing and its benefits for small business owners.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question