Re: Ex2K3 access through firewall



In news:DF21BE0F-6B7D-4F60-98FF-F357B44EBED9@xxxxxxxxxxxxx,
Mike Lawson <MikeLawson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> I understand, but I have W2K and WXP clients on the WAN side using
> Outlook 2K, XP, & 2K3. If RPC over HTTP only works with the
> E2K3/OL2K3/WXP combo; what is to be done with clients that don't use
> this combination?

VPN, OWA.

> If I put the Ex2K3 server either on the LAN or DMZ
> I still have to open ports for the non-RPC over HTTP users to get to
> Ex2K3.

Yes, but your Exchange server does not belong in a DMZ. You have to open up
too many ports between DMZ and LAN to make it work - so you don't even have
a DMZ anymore.

> OWA doesn't look like a possibility since many of these same
> users archive data to .pst files which aren't accesssible via OWA.

Not a good idea anyway. Avoid PST files. If the data is important, it
belongs in the mailbox - or perhaps in an archive folder you set up for them
in the PF tree.

>
> And since every user doesn't have a high speed connection VPN would
> be a dog for connectivity. There has got to be a reasonable
> alternative.

POP or IMAP....but I don't recommend it; they don't get the full mailbox,
GAL, PFs, etc. If they don't all have broadband, and can't get it, it's just
not going to be fun for them, no matter what. OL2003 in cached mode makes
life a lot easier regardless of how one connects.

Thanks, Mike Lawson
>
> "Lanwench [MVP - Exchange]" wrote:
>
>>
>>
>> In news:F9110FA7-DB5B-4D38-95D0-1842CCF0821E@xxxxxxxxxxxxx,
>> Mike Lawson <MikeLawson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
>>> Scenario: Ex2K3 on W2K3 on firewall DMZ. The users are wan and lan
>>> based. Clients use Outlook 2000, XP, & 2003 running on W2K or WinXP.
>>> Wan clients need access to Ex2K3 on DMZ.
>>>
>>> What ports do I need to open on the firewall in order for the
>>> various Outlook clients running on the two different OSs to have
>>> access to Ex2K3 in order to connect as Exchange corp clients? I've
>>> seen several similar posts that refer to documents on RPC over
>>> HTTP, but then the article says this is a WinXP feature ("RPC over
>>> HTTP on the client-side is a Windows XP feature"); so this config
>>> would not help the W2K OS clients.
>>>
>>> Thanks, Mike Lawson
>>
>> VPN, or RPC over HTTP (which works with E2003 and OL2003 on WinXP
>> SP1/SP2 only).
>>
>> Don't just open ports. Seriously. Also, I do not recommend that you
>> have your Exchange server in a DMZ....you're defeating the purpose
>> of a DMZ by doing this. Stick the server behind the firewall and
>> control access to it therein.


.

Relevant Pages

  • Re: Ex2K3 access through firewall
    ... Mike Lawson typed: ... > impossible to connect a OL2K client running on W2K through a firewall ... > to Ex2K3 running on W2K3 sitting on the DMZ'. ... > message in OWA - "Moving or copying items between Exchange servers is ...
    (microsoft.public.exchange.setup)
  • Error creating new message in OWA
    ... Using Exchange (OWA) 2000 on W2K Servers, ... end is in the DMZ, is authenticating fine to the DC's in ... Most of these clients don't even have ...
    (microsoft.public.exchange2000.clients)
  • Should internal Exchange clients be redirected to "DMZ" to access OWA from there ?
    ... Some network folks in my organization believe that if clients are accessing ... OWA from the internal network, they should be 'redirected' to the DMZ (where ...
    (microsoft.public.exchange.admin)
  • Re: OWA stalls while loading in IE 6.0
    ... When internal users are connecting to OWA, ... For those of you that say that some internal clients are exhibiting this ... Is Internet Connection Firewall ...
    (microsoft.public.exchange.clients)
  • Re: Access denied on network share in an other domain
    ... Are the clients transferring files straight into the live service on the DMZ; or are they transferring them to you to do something with? ... I don't see any reason for your internal network to trust the DMZ ...
    (microsoft.public.windows.server.security)