We help IT Professionals succeed at work.

Restrict Outlook Web Access from outside the LAN

First Last
First Last asked
on
I am looking for a way that I can limit access to OWA from outside my LAN.  We have a number of staff who use OWA internally but who should not be using it at home.  I need to find a way to restrict access to OWA from outside the LAN to a select group of employees while allowing everyone to use it internally.  I had heard this can be done using the Outlook Web Access Administration tool but don't see how after trying it this afternoon.  Any advice would be very much appreciated!
Comment
Watch Question

Jon BrelieSystem Architect
CERTIFIED EXPERT

Commented:
In IIS restrict access to your internal LAN subnet
Jon BrelieSystem Architect
CERTIFIED EXPERT

Commented:
PS: if you need specific instructions, please let me know what version of Exchange you are using

Author

Commented:
That would restrict it for everyone.  I need a subset of users (management and IT) to be able to use OWA from outside the LAN while restricting everyone else to internal use only.

Author

Commented:
Sorry, exchange 2003, I should have posted that.
System Architect
CERTIFIED EXPERT
Commented:
Hrmm... I'm not certain exactly how it's done with 2003, but I would turn on another instance of OWA using a different IP address on the same system.  Set your original to only be accessible from LAN ips and use your default DNS for it.

On the new instance, secure it using NTFS permissions for your select group and call it something like remotemail.yourdomain.com

Author

Commented:
Ok, I get the basic idea there.  Can you point me to any documentation that might help me setup the new instance of OWA without breaking the existing one?  :)
Jon BrelieSystem Architect
CERTIFIED EXPERT

Commented:
Start here.  It's tough to find since I don't think many people were doing it before Ex07/2010, but about 2/3 of the way down on this site, there are some good instructions:

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/82b28fdd-fa6d-4f4b-aead-a986fecfbf3f/

I'm sure there's more out there... just a bit hard to find.

Author

Commented:
Thanks for the assist!