We have an office SharePoint 2007 server located in a dev network (192.168.4.x) (AD server, SharePoint server, Exchange server and workstation on this network) . . . this network is separated from our core network (192.168.3.x) via a PIX firewall . . . I am trying to access the SharePoint website from the core network via IE7 . . . I get the login prompt, but once I log in I get a "page cannot be displayed" error . . . if I am on the dev network I can access the website through IE7 fine . . . I have the virtual servers in IIS on the MOS server configured for both integrated Windows authentication and basic authentication . . . I have all the virtual server ports opened up in the PIX firewall.
I must be missing something. Does anyone have any suggestions as to what I might have configured incorrectly . . .
Below is a copy of my PIX config . . .
vspix# sh run
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password diZm7iuzZPc9fpey encrypted
passwd diZm7iuzZPc9fpey encrypted
hostname vspix
domain-name montana.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.4.20 vsdc01
name 192.168.4.21 vsms01
name 192.168.4.23 vsmos01
name 192.168.4.22 vs-pc01
object-group service mail tcp
port-object eq www
port-object eq https
port-object eq smtp
port-object eq pop3
port-object eq 1025
port-object eq 3389
object-group service moss tcp
port-object eq www
port-object eq https
port-object eq 3389
port-object eq 8080
port-object eq 34147
port-object eq 18628
port-object eq 56737
port-object eq 56738
port-object eq 8099
port-object eq 8098
access-list inbound permit icmp any any
access-list inbound permit tcp any host 192.168.3.15 object-group mail
access-list inbound permit tcp any host 192.168.3.16 eq 3389
access-list inbound permit tcp any host 192.168.3.17 eq 3389
access-list inbound permit tcp any host 192.168.3.18 object-group moss
pager lines 24
logging on
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 192.168.3.15 255.255.255.0
ip address inside 192.168.4.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.3.16 vsdc01 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.3.17 vs-pc01 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.3.15 vsms01 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.3.18 vsmos01 netmask 255.255.255.255 0 0
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.3.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
username inlynx password diZm7iuzZPc9fpey encrypted privilege 15
terminal width 80
Cryptochecksum:44cf2d6045c4402cd1f78692ed777695
: end
vspix# wr mem
Building configuration...
Cryptochecksum: 313d38cd 82315e45 a492a992 250c5c00
[OK]
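The post says every virtual server port is open on the PIX. The following is an added example, not part of the original post, that checks that kind of claim from a saved config by cross-referencing the `static` translations with the `inbound` access list and the service object-groups. The function names `port` and `exposure` are hypothetical, and the keyword map covers only the service names used in the excerpt.

```python
SERVICES = {"www": 80, "https": 443}  # PIX service keyword -> TCP port (assumed subset)

# Constructed sample: a subset of lines copied from the posted configuration.
CONFIG = """\
name 192.168.4.20 vsdc01
name 192.168.4.23 vsmos01
object-group service moss tcp
port-object eq www
port-object eq https
port-object eq 3389
port-object eq 8080
port-object eq 34147
port-object eq 18628
port-object eq 56737
port-object eq 56738
port-object eq 8099
port-object eq 8098
access-list inbound permit tcp any host 192.168.3.16 eq 3389
access-list inbound permit tcp any host 192.168.3.18 object-group moss
static (inside,outside) 192.168.3.16 vsdc01 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.3.18 vsmos01 netmask 255.255.255.255 0 0
"""

def port(tok):
    return SERVICES[tok] if tok in SERVICES else int(tok)

def exposure(config):
    """Return {outside_ip: (inside_ip, sorted TCP ports permitted from outside)}."""
    names, groups, statics, allowed, cur = {}, {}, {}, {}, None
    for w in map(str.split, config.splitlines()):
        if w[:1] == ["name"]:
            names[w[2]] = w[1]                      # name <ip> <alias>
        elif w[:2] == ["object-group", "service"]:
            cur = groups.setdefault(w[2], [])       # start collecting port-objects
        elif w[:2] == ["port-object", "eq"] and cur is not None:
            cur.append(port(w[2]))
        elif w[:1] == ["static"]:
            statics[w[2]] = names.get(w[3], w[3])   # outside ip -> inside ip
        elif w[:6] == ["access-list", "inbound", "permit", "tcp", "any", "host"]:
            ports = groups[w[8]] if w[7] == "object-group" else [port(w[8])]
            allowed.setdefault(w[6], set()).update(ports)
    return {ip: (inside, sorted(allowed.get(ip, ()))) for ip, inside in statics.items()}

if __name__ == "__main__":
    for ip, (inside, ports) in exposure(CONFIG).items():
        print(f"{ip} -> {inside}: tcp {ports}")
```

A translated address that comes back with an empty port list has a static entry but no matching permit in the access list.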