Avatar of TRBR
TRBR asked on

Cannot connect to Exchange OWA over Cisco Site to Site VPN

Hello,

I am unable to access Exchange OWA from a remote office connected to main office via a Cisco site to site VPN.
Exchange 2013 sever is located at main office on a 192.168.0.0 /24 subnet.
Remote office is on a 10.0.0.0 /24 subnet.
Cisco 860 router each end with IPSEC VPN.
Each office has own AD domain, DNS secondary zones for the alternate office are configured at each other office.
I can successfully ping the FQDN of the Exchange server from the remote office and it resolves to the Exchange server's local IP address on the 192.168.0.0 /24 subnet.
I can connect from the remote office to other devices located at the main office via TLS/SSL no problem.
OWA is working fine from main office connecting locally and every where else via Internet.
When I try to open OWA at the remote office I just get a Page cannot be displayed error.
What should I be looking at to resolve this issue?

Thanks in advance...
ExchangeRoutersVPN

Avatar of undefined
Last Comment
TRBR

8/22/2022 - Mon
BlueYonder

From the command prompt run the following.  Replace OWA with the email server name.  The trace will stop at the problem network device.

tracert OWA
ASKER
TRBR

The trace completes successfully to the Exchange server from the remote site
Mohd_Shaikh

Hi,

Let me know first, thats exactly error that you are gettign while accessing OWA from remote site .

Thank You!
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ASKER
TRBR

I just get the standard "This page can't be displayed" in Internet Explorer 10
I can connect from the remote site to web interfaces of other devices at the main site using https no problem.
kevinhsieh

I think you need to add a NAT exception to the outside interface of the ASA so that it doesn't NAT the exchange server when sending traffic to the remote site through the outside interface.
ASKER
TRBR

I've just rechecked the config of the router and it does look to me that a NAT exemption is in place for the 192.168.0.0 /24 subnet when the destination is the 10.0.0.0 /24 subnet

These are a pair of 800 series routes that were given a basic config with Cisco Configuration Professional
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
TRBR

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
TRBR

.