We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

OWA not working externally after changing the router to a CISCO 877

Medium Priority
675 Views
Last Modified: 2013-11-16
Hi, I recently changed our router to a cisco 877, the exchange/owa Server and port used have not changed. I added the NAT and acl for owa to the new router. all other NAT and ACL are working fine and are similar to my OWA entry. I've checked IIS /exchweb and made sure to uncheck SSL. I am not using the defauilt port. This is set to 8081.

ip nat inside source static tcp xxx.xxx.xxx.7 interface Dialer0 8081
.
.
.

access-list 101 permit ip any host xxx.xxx.xxx.7
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq 8081

Has anybody experienced this issue berfore? any comments/suggestions greatly accepted. NAT and ACL also included in CODE: section
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp xxx.xxx.xxx.7 interface Dialer0 25
ip nat inside source static tcp xxx.xxx.xxx.6 interface Dialer0 21
ip nat inside source static tcp xxx.xxx.xxx.6 interface Dialer0 80
ip nat inside source static tcp xxx.xxx.xxx.6 interface Dialer0 22
ip nat inside source static tcp xxx.xxx.xxx.7 interface Dialer0 8081
ip nat inside source static tcp xxx.xxx.xxx.19 80 xxx.xxx.xxx.xxx 80 extendable
!
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_IP
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended SSH
 remark SDM_ACL Category=128
 permit ip any host xxx.xxx.xxx.6
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit xxx.xxx.xxx.xxx 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit xxx.xxx.xxx.xxx 0.0.0.255
access-list 2 deny   any
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host xxx.xxx.xxx.7
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq 8081
****** I added today to see if it would make any difference **********
access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq 8081
********************************************************************************
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host xxx.xxx.xxx.6
access-list 102 permit ip any host xxx.xxx.xxx.19
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host xxx.xxx.xxx.7
access-list 104 remark VTY Access-class list
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip xxx.xxx.xxx.xxx 0.0.0.255 any
access-list 104 deny   ip any any

Open in new window

Comment
Watch Question

Expert of the Quarter 2009
Expert of the Year 2009

Commented:
OWA doesn't like using other ports. I have never had much success on using a port other than 80 and 443. If you want to use any other feature like RPC over HTTPS, or Exchange ActiveSync then you must use the native port as they are hard coded to those ports.

Simon.
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
Thanks guy's
I can telnet to port 8081 internally but not externally.
We use the url http://xxx.xxx.xxx.7:8081/exchange. Works ok internally.
same format when using the external IP address. I think it would be a ACL issue?

Author

Commented:
I have it working now. I think your right about using other than default. I added another public IP address to the router and changed OWA to use the default. Worked straight away. still confused why it worked with the old router.... :-)

Commented:
Thats the default behaviour ...Anyways Now you know whats happening and how to browse it ?

Author

Commented:
sorry Mestha:I meant to split the points!!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.