This article was previously published under Q291615
For a Microsoft Outlook 2000, Outlook 98 and Outlook 97 version of this article, see 238390.
For a Microsoft Outlook Web Access 5.5 version of this article, see 238954.
Microsoft Outlook clients cannot connect through a firewall or proxy server that is performing Network Address Translation (NAT) between public and private networks.
When the IP packets that contain the remote procedure call (RPC) information are edited during translation, the IP packets lose the RPC connectivity information. This causes the client not to connect to the server. Additionally, Outlook can have problems resolving the name of the Microsoft Exchange Server computer behind the firewall or proxy server.
A work around for firewalls or proxy servers that are not based on Microsoft Windows NT is to perform a one-to-one translation between the two networks. This is also called "opening a pipe or tunnel" between the public and private networks. This takes all requests for a specific address on the public network and passes them directly to the private network. For additional information on about how to configure a one-to-one translation, please refer to your manufacturer's documentation
A one-to-one translation or pipe does not work for Windows NT-based firewalls and proxy servers because the Outlook client attempts to bind to the end-point mapper port (EPM), port 135, on the firewall. This server does not return the correct Exchange Server connectivity information to the Outlook client.
Another possible work around is to use Outlook Web Access. This only requires allowing HTTP traffic through the firewall or proxy server.
For additional information, please see the following Requests for Comments (RFCs):
RFC 1631 - The IP Network Address Translator (NAT) RFC 1918 - Address Allocation for Private Internets
These RFCs can be found at the following Web site: