This article has been archived. It is offered "as is" and will no longer be updated.
Outlook clients can't connect through a firewall or proxy server which is performing Network Address Translation (NAT) between public and private networks.
When the IP packets that contain the remote procedure call (RPC) information are edited during translation, the IP packets lose the RPC connectivity information. This causes the client not to connect to the server. Additionally, Outlook may have problems resolving the name of the Microsoft Exchange Server computer behind the firewall or proxy server.
A work around for firewalls or proxy servers not based on Windows NT, is to perform a one-to-one translation between the two networks. This is also called opening a pipe or tunnel between the public and private networks. This takes all requests for a specific address on the public network and passes them directly to the private network. For additional information on configuring a one-to-one translation, please refer to your manufacturer's documentation
A one-to-one translation or pipe does not work for Windows NT-based firewalls and proxy servers because the Outlook client attempts to bind to the end-point mapper port (EPM), port 135, on the firewall. This server does not return the correct Exchange Server connectivity information to the Outlook client.
Another possible work around is to use Outlook Web Access. This only requires allowing HTTP traffic through the firewall or proxy server.
For additional information, please see the following Requests for Comments (RFCs):
RFC 1631 - The IP Network Address Translator (NAT) RFC 1918 - Address Allocation for Private Internets