none
Forwarding web access

    Question

  • Hi

    On Server SVR-DC03 I have exchange installed. I want SVR-RM01 to be facing to the Wide Area Network. How do I make it so IIS on SVR-RM01/owa forwards to SVR-DC03/owa ?

    Thanks

    Ed

    Saturday, September 21, 2013 10:00 AM

Answers

  • Hi,

    Since you want server SVR-RM01 to be an edge device, RRAS role should have been installed.

    With NAT feature you can redirect specific ports to specific addresses.

    RRAS console tree—Ipv4—NAT—properties—services and ports.

    More information about NAT please refer to:

    Network Address Translation

    http://technet.microsoft.com/en-us/library/cc731838(v=ws.10).aspx

    Hope this helps.

    Monday, September 23, 2013 7:12 AM
  • I'm trying to understand your network from the brief description you've provided, but I am having a little difficulty.

    Are both SVR-DC03 and SVR-RM01 Exchange servers? Or just SVR-DC03?

    If just SVR-DC03 is an Exchange server, then I have not heard of the ability to forward OWA unless you are using TMG or ISA Server. This is due to security reasons in the OWA CAS authentication, because CAS uses Forms Authentication, which forwarding will not support.

    You can directly port translate TCP 80 and TCP 443 to the CAS server from your firewall.

    If SRV-RM01 has RRAS installed, you can follow the suggestions by Dan JiSun.

    I suggest using a hardware firewall/NAT device, such as a Cisco ASA, Juniper, or some other type, that provide better security than using RRAS and doesn't expose your Windows servers on the internet.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Tuesday, September 24, 2013 3:38 AM

All replies

  • Hi,

    Since you want server SVR-RM01 to be an edge device, RRAS role should have been installed.

    With NAT feature you can redirect specific ports to specific addresses.

    RRAS console tree—Ipv4—NAT—properties—services and ports.

    More information about NAT please refer to:

    Network Address Translation

    http://technet.microsoft.com/en-us/library/cc731838(v=ws.10).aspx

    Hope this helps.

    Monday, September 23, 2013 7:12 AM
  • I'm trying to understand your network from the brief description you've provided, but I am having a little difficulty.

    Are both SVR-DC03 and SVR-RM01 Exchange servers? Or just SVR-DC03?

    If just SVR-DC03 is an Exchange server, then I have not heard of the ability to forward OWA unless you are using TMG or ISA Server. This is due to security reasons in the OWA CAS authentication, because CAS uses Forms Authentication, which forwarding will not support.

    You can directly port translate TCP 80 and TCP 443 to the CAS server from your firewall.

    If SRV-RM01 has RRAS installed, you can follow the suggestions by Dan JiSun.

    I suggest using a hardware firewall/NAT device, such as a Cisco ASA, Juniper, or some other type, that provide better security than using RRAS and doesn't expose your Windows servers on the internet.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Tuesday, September 24, 2013 3:38 AM