Dear All, As per my customer requirement, we want to restrict OWA access from the internet and only LAN user will able to access it. Right now we have exchange 2010 with multiple CAS and HT servers. We are using POP3/IMAP too and OWA and POP3 URL are same. Regards, Manjeet Singh

Hi, If you in the forewall block port TCP 443 from the internet to the Exchange servers no OWA will be possible (I assume that you are using a certificate - if not you need to block TCP port 80). These ports are not used by POP3 and IMAP and therefore this should continue to work Leif

Simply you may leave blank of external OWA link or put some wrong address on that tab which can not be resolved from outside under server configuration -client access server .Don't forget to mark helpful or answer connect me :- http://in.linkedin.com/in/satya11 http://facebook.com/satya.1000

Hi Leif, if i block the 443 from external world to internal than how my RPC over HTTP user will connect? we cant do that. As per my understanding, we need to restrict this from IIS only. Regards, Manjeet Singh 

Since you want to restrict OWA but allow OA, typically you need a reverse proxy like TMG to selectively publish certain virtual directory. An alternative is to create another web site in IIS, bind it to another IP address, create another OWA/ECP virtual directory in the new web site and make this IP address invisible from outside. Not recommended as it's difficult to manage such a complicated configuration.

Li Zhen is correct. Reverse Proxy is the best option kesav