This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

nat on port 443 not working

hello

I just installed a sbs server with exchange 2010. Now i know already that my isp blocks port 443 so in order for me to use Outlook Web Access from the internet i created the following nat rule:

traffic selector: Any -> port 12127 (or any other port of choice) -> External (WAN)
Dest. transaltion: Exchangeserver -> https service

Now, from the internet (another range then the one of my isp) i can reach the standard IIS page but if i try to go to the owa page(MyServer - Web hosting information and review | Just another WordPress site) i get as the classic certificate error on which i chose to continue anyway and then the following error page appears:

Forbidden
You don't have permission to access /owa/auth/logon.aspx on this server
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request

What am i missing here? Owa works perfectly in the lan, it also works if i change the nat port 12127 to 443 (but and only from other networks of the same isp cos as i mentioned my isp won't allow port 443 to be reachable from other isp's networks). So i am pretty sure is not a IIS or certificate issue.

Anyone help please?

Ed

Sophos UTM9 - 9.006-5

This thread was automatically locked due to age.

Parents

0 tekpoint over 11 years ago

Just a quick update/conclusion for those who might come across the same issue that i had

I just reinstalled my SBS and i came to the conclusion of this not being a UTM neither Exchange related problem but merely an ISP limitation. The solutions we discussed:
Doing a NAT translation to port 443: This will not work in exchange, since (as already mentioned) Exchange is hard-coded (for Outlook Anywhere) to work on port 443. Morover I think it could become pretty messy also with the configuration of Outlook on the client side.
Using the alternative SSL port 8443: Not going for the same reasons mentioned above.
So my only solution/conclusion (I know i am getting out of the UTM field but it might help somebody having the same problem who stumbles upon this post): change your ISP to one that will allow incoming traffic on 443.
If you live in Belgium, you might chose Belgacom where 443 is blocked per default but you can have them open it with a simple phone call. Telenet is the only ISP in Belgium so far to my knowledge that absolutely doesn't allow incoming 443 for residential subscriptions, all the others are pretty flexible in it.
Cheers all and thanks for your time and answers!
Ed
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 tekpoint over 11 years ago

Just a quick update/conclusion for those who might come across the same issue that i had

I just reinstalled my SBS and i came to the conclusion of this not being a UTM neither Exchange related problem but merely an ISP limitation. The solutions we discussed:
Doing a NAT translation to port 443: This will not work in exchange, since (as already mentioned) Exchange is hard-coded (for Outlook Anywhere) to work on port 443. Morover I think it could become pretty messy also with the configuration of Outlook on the client side.
Using the alternative SSL port 8443: Not going for the same reasons mentioned above.
So my only solution/conclusion (I know i am getting out of the UTM field but it might help somebody having the same problem who stumbles upon this post): change your ISP to one that will allow incoming traffic on 443.
If you live in Belgium, you might chose Belgacom where 443 is blocked per default but you can have them open it with a simple phone call. Telenet is the only ISP in Belgium so far to my knowledge that absolutely doesn't allow incoming 443 for residential subscriptions, all the others are pretty flexible in it.
Cheers all and thanks for your time and answers!
Ed
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data