Re: VPN access to Ex2k fails



Hello Daniel,

it now works perfectly. Thanks!

Regards,
Karsten


"Daniel Melanchthon [MSFT]" <danielme@xxxxxxxxxxxxxxxxxxxx> wrote in
news post news:OzwXIxYUFHA.3176@xxxxxxxxxxxxxxxxxxxxxxx
> Karsten Hoeller wrote:
>> On the gateProtect firewall, the following ports are opened inbound and
>> outbound for Exchange:
>
> At the very least, port 135 is missing - the RPC endpoint mapper. Have a
> look at the following webcast, which explains how it works:
>
> Support WebCast: Microsoft Exchange 2000 Server Connectivity Through a
> Firewall
> http://support.microsoft.com/kb/324459/EN-US/
>
> Quote: "First off, our MAPI client has to be able to talk to the end-point
> mapper. That's TCP port 135 on Exchange servers and domain controllers.
> The reason it needs to do this on domain controllers is with Exchange
> 2000, Outlook 98, Outlook 2000, and Outlook 2002, we're going to talk
> directly to a domain controller if we can, to poll directory information.
> It saves us from having to go to the Exchange server and having the
> Exchange server proxy. So we have to be able to get to TCP port 135.
>
> The other piece is NSPI, or we called it Directory Service in Exchange
> 5.5; we kept it simple, Name Service Provider Interface is what NSPI
> stands for, and that's, once again, what we're going to use to talk to the
> directory. This is going to be on DCs and Exchange servers, whichever one
> the client decides to use. By default, RPC is a dynamic port protocol. It
> can talk over any ports. We want to give it this ability, just because it
> was handy when we were using it on LAN. When we start talking through
> firewalls, it's not as easy to use dynamic ports, just because we have to
> open up a huge range. This can be statically mapped on our domain
> controllers or Exchange servers. You're going to do it in the registry. We
> provided the KB article down at the bottom, "Exchange 2000 Static Port
> Mappings," Q270836. This is going to discuss any statically mapped ports
> we're going to need to set to get Exchange working through a firewall.
>
> We have another port (slide 12). We have end-point mapper and directory.
> We're going to have to talk to the Information Store, though. We're going
> to have to get our mailbox and public folder data. This port is only going
> to have to be statically mapped on Exchange 2000 servers, our mailbox, and
> public folder servers. Keep in mind, we're going to want to do this on
> every mailbox and public folder server. Mailboxes aren't as important.
> Public folder servers are very important because a client may have to get
> data from some remote public folder server. We're going to need to have
> that statically mapped.
>
> The last topic here is push notification. In the past with push
> notification, it was new mail notification. This is when you get the bold
> item in your inbox, and when you get the little message down at the bottom
> of your screen that says, "You have new mail." What we've done in the past
> is we've used the UDP packet. The client registers a port with the socket
> and is going to have to give the IP address and a port. The server is
> going to send a little UDP packet to that client whenever new mail
> arrives. This poses an issue for firewalls, because what that means is,
> for an administrator, they have to open up UDP outbound over all ports.
> They can't keep it specific to a session because, in this case, the client
> doesn't establish a TCP session, it's a simple UDP connectionless packet
> that goes through the firewall from your Exchange server to the Internet.
>
> This may not be a big concern if you're not concerned about protecting
> outbound communications, but this has become a concern. We have a KB
> article listed for Outlook 2002, Q305572; we can use push notification.
> That can also be done in Outlook 2000 as well as Outlook 2002. Once again,
> you have your link to the Exchange 2000 static port mappings for the
> Directory Service."
>
> --
> .:Daniel Melanchthon:.
> Technology Advisor - Exchange Server
> http://blogs.technet.com/dmelanchthon
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
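
Added example, not part of the original posts: a small Python audit that checks a firewall allow list against the requirements the quoted webcast names (TCP 135 on Exchange servers and domain controllers, a statically mapped NSPI port on both, a statically mapped Information Store port on Exchange servers) and flags wide port ranges. The host names, the ports 50001/50002, the rule model and the `WIDE_RANGE` threshold are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ENDPOINT_MAPPER = 135   # TCP port named in the webcast
WIDE_RANGE = 1000       # assumed threshold for "a huge range"

@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp" or "udp"
    dst: str     # destination host, "*" for any
    lo: int      # first allowed port
    hi: int      # last allowed port

def allowed(rules, proto, dst, port):
    """True if any allow rule covers proto/dst/port."""
    return any(r.proto == proto and r.dst in (dst, "*") and r.lo <= port <= r.hi
               for r in rules)

def audit(rules, hosts):
    """Return (where, finding) tuples for everything a MAPI client would miss."""
    findings = []
    for name, h in hosts.items():
        if not allowed(rules, "tcp", name, ENDPOINT_MAPPER):
            findings.append((name, "endpoint mapper tcp/135 not reachable"))
        # NSPI lives on DCs and Exchange servers, the store only on Exchange.
        services = ["nspi"] + (["store"] if h["role"] == "exchange" else [])
        for svc in services:
            port = h.get(svc)
            if port is None:
                findings.append((name, f"{svc} has no static port"))
            elif not allowed(rules, "tcp", name, port):
                findings.append((name, f"{svc} tcp/{port} not reachable"))
    for r in rules:
        if r.hi - r.lo + 1 >= WIDE_RANGE:
            findings.append(("firewall", f"wide {r.proto} range {r.lo}-{r.hi} to {r.dst}"))
    return findings

# Constructed sample inventory and rule set (not taken from the thread).
HOSTS = {
    "ex1": {"role": "exchange", "nspi": 50001, "store": 50002},
    "dc1": {"role": "dc", "nspi": None},
}
RULES = [
    Rule("tcp", "ex1", 25, 25),
    Rule("tcp", "ex1", 50001, 50002),
    Rule("udp", "*", 1024, 65535),   # the kind of opening UDP push notification needs
]

if __name__ == "__main__":
    for where, what in audit(RULES, HOSTS):
        print(f"{where}: {what}")
```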

