Re: ISA won't be my main firewall

From: Andrew Mitchell (amitchell_at_removecasey.vic.gov.au)
Date: 01/22/05 

Date: Sat, 22 Jan 2005 04:54:21 -0800

"Mark" <mark@ihatespam.com> said

> Okay, my other posts were filling up and I decided to start a new one.
>
> I want to set up OWA for Exchange 2000, but I have a Pix firewall that
> will remain my primary firewall and I don't want ISA to stand between
> the Pix and my internal network or DMZ. This however, seems to be what
> Microsoft thinks everybody will do, so the topics I'm finding about
> setting up ISA and OWA are focused on that scenario.
>
> Basically, I have Exchange 2000 on my inside network. I have a DMZ with
> my various web servers. A Pix protects all of this. I'd like to set up
> OWA and if I need ISA, I'll install it, but I don't want it to guard my
> network - in other words, it won't be my main firewall.
>
> I've been to isaserver.org and can't find a simple way to set up OWA
> unless I decide to let ISA protect my whole network. Can somebody point
> me in the direction that I want to go? I mean, an article that assumes
> ISA is not your main firewall?
>

If you don't want to use ISA all you need to do is configure the NAT routing
on the Pix to port forward port 443 (https is recommended) on your public IP
address to your exchange server's IP.

If you decide to introduce ISA, install it in your DMZ and alter the NAT
routing on the Pix so that port 443 on the public IP is forwarded to port 443
on the ISA address, and port 443 on the DMZ interface address is forwarded to
your exchange server. 

-- 
Andy.

Relevant Pages

  • Re: Changing ISPs
    ... If you are familiar with the firewall, and changing the ip on the external nic, you might get it working with the present ISP. ... I suggest you go first just change the ip address on the SBS external nic to match the settings the new ISP gives you and run the CEICW and get that to work. ... Then install the edge device but leave ISA in place. ... SMTP mail for Exchange will not be held anywhere, so a POP connector will not retrieve it. ...
    (microsoft.public.windows.server.sbs)
  • Re: Is this ISA server setup right or wrong?
    ... > pix 501 and a vpn between the sites. ... > to implement an ISA server behind the pix firewall at the ... The remote VPN subnets (private IP ...
    (microsoft.public.isa)
  • Re: Exchange implementation
    ... Publish Exchange through ISA. ... ISA is as stable and secure a firewall as anything else out ... there ain't no such thing as a 'hardware' firewall. ...
    (microsoft.public.exchange.setup)
  • RE: Firewall recommendations?
    ... Hi at my current job we use checkpoint, and I personally love that firewall ... I am not a big fan of the pix and I have never played with the ISA ...
    (Security-Basics)
  • Re: Grosse Anhänge werden nicht verschickt!
    ... >> Deinstalliere den ISA von der Maschine und nimm ein anderes Gerät ... Eine Firewall ist eine Firewall ist eine Firewall und hat auf ... >> einem Exchange - Server nix verloren. ... > Das ist mir auch klar das ISA nix auf einem Exchange zu suchen hat. ...
    (microsoft.public.de.exchange)