Re: frontend server in perimiter
- From: Jonathan Norris <JonathanNorris@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 7 Jan 2006 19:31:02 -0800
INET--->PIX---->ISA/SMTP (DMZ)-->PIX----Exchange (Internal)
Use ISA to proxy OWA and RPC/HTTPS
Use SMTP Gateway to offload Mail, could do it on the same box.
Why enable RPC, SMTP, SSL, HTTP, and a bunch onf other ports through your
firewall.
DMZ doesn't mean secure at all....
--
Jonathan
No Warrenties Implied, Did you do a FULL backup today??????
"Exchange 2003 connection problem" wrote:
> Andy,
>
> Is that the reason I cannot communicate with the domain servers...?
> Why can I use remote desktop ( from the Domian lan ) to the other servers
> in the perimiter and not to the FE server,...
> I cannot reach the FE server from the other server in the perimiter but I
> see the FE in their workgroup, but thats as far as it goes.
> I am satisfied with your advice , I will put the FE server back in the
> domain with the perimiter ip-adress , and then put the FE back in the
> perimiter , configure ip-sec and
> configure certifivates on the FE server for the OWA users.
>
> "Andy David - [MVP]" wrote:
>
> > On Sat, 7 Jan 2006 13:24:02 -0800, "Exchange 2003 connection problem"
> > <Exchange2003connectionproblem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > >Andy,
> > >
> > >Does this mean I have to give my FE exchange 2003 server a ip-adress in the
> > >domain range and it will keep the adress while standing in the perimiter.
> > >Thats what I am making up out of this,..I will try this monday first thing
> > >thank u for the fast reply...
> >
> > No, it means put the server back behind the firewall and re-add it to
> > the domain.
> >
> > >
> > >"Andy David - [MVP]" wrote:
> > >
> > >> On Sat, 7 Jan 2006 06:41:01 -0800, "Exchange 2003 connection problem"
> > >> <Exchange2003connectionproblem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > >>
> > >> >Sinds I have put my exchange FE server in the perimiter, and configured the
> > >> >proper ports on my cisco pix firewall , now no communication to the Domain is
> > >> >possible.
> > >> The Front End server should be behind the firewall with a reverse
> > >> proxy in the DMZ.
> > >>
> > >> >I can send ping do, I must mention that I have configured my FE server when
> > >> >it was still in my Domain, I placed it in the perimiter and changed the
> > >> >membership to the workgroup , changed the Ip adress .
> > >>
> > >> Changed its membership to a workgroup? An exchange server has
> > >> to be a domain member.
> > >>
> > >> >I can use remote desktop for my other servers in the perimiter, so I guess
> > >> >its a local problem on my FE server.
> > >>
> > >> Yea, its in the DMZ and its no longer part of the domain
> > >> >I need to configure ipsec for secure communication but thats not the issue
> > >> >for having no communication to my intranet , I need to set up OWA for my
> > >> >users and am in kind of a hurry so all the help is welcome...
> > >> >
> > >>
> > >> Put it back behind the firewall, make it a domain member. Get
> > >> yourself a reverse-proxy and put that into the DMZ.
> > >>
> > >>
> > >> >
> > >> >
> > >>
> >
.
- Follow-Ups:
- Re: frontend server in perimiter
- From: andy webb
- Re: frontend server in perimiter
- References:
- Re: frontend server in perimiter
- From: Andy David - [MVP]
- Re: frontend server in perimiter
- From: Andy David - [MVP]
- Re: frontend server in perimiter
- From: Exchange 2003 connection problem
- Re: frontend server in perimiter
- Prev by Date: Re: frontend server in perimiter
- Next by Date: Re: frontend server in perimiter
- Previous by thread: Re: frontend server in perimiter
- Next by thread: Re: frontend server in perimiter
- Index(es):
Relevant Pages
|
