I have created an OWA Exchange 2003 on a STD SP1 2003 server.
Initially I created it on the inside network and tested connections. It was redirecting as it should to the internal Exchange server. I would hit https://DMZBOXFQDN/exchange on the new server and get redirected to OWA on the main Exchange box.
I created a DMZ on their Firebox and moved the OWA machine to the DMZ network adjusting the IPs at need.
I created the holes I needed on the Firebox.
I can ping and RDP to the OWA box on the DMZ by IP and by FQDN.
From the physical OWA box on the DMZ I can hit the outside world and internal resources on the internal network.
They have not purchased an SSL cert yet, but I can hit the OWA box (from the outside) on the DMZ by IP for an 'under construction' message. My outside to DMZ IP redirect is working.
I can also hit the OWA box (from the outside) with an http://DMZBOX_IP/oma tag to get the standard OMA error message. So I am hitting the DMZ from the outside. Ports look good.
I can RDP to the new OWA box on the DMZ (thru Citrix to the inside network), open a browser on DMZOWA, and get to OWA on the inside Exchange box by using the inside Exchange's https://MXBOXFQDN/exchange. Ports look good.
I can hit the http://DMZBOXFQDN/oma tag on the DMZ box from the inside network for testing. I get the standard OMA error message.
I can telnet (to inside IP) 25 and 80 to the DMZBOX from the inside and get the proper response. 443 fails.
I can telnet (to outside IP) to 25 and 80 from the outside and get the proper response (443 is not live yet).
All of that seems to tell me ports and connections are shiny.
What I can't do is now get redirection back to the inside Exchange box when I hit the https://DMZBOXFQDN/exchange. Not even on the physical box itself.
This company is using a new WatchGuard Firebox. I'm a Cisco guy, but the ports seem right because I can hit the DMZ from the outside (for testing, even without an SSL) and I can get to the inside Exchange Server OWA directly from the DMZ OWA box itself. That would tell me the ports from outside to DMZ and from DMZ to inside are correct.
To sum up:
: Cannot Display Web Page
: Get OMA default error page off of server
:Cannot Display Web Page
: Cannot Display Web Page
(inside MX server): Connect
From Physical DMZ OWA box
: Cannot Display
(inside MX Server) : Connect
This was all working fine when I built the box. I was just hoping the last part was just to wait for them to buy an SSL cert. I'm not concerned about outside errors until the cert gets installed. I need to know internal redirection works.