Re: SBS Prem on dual homed system HELP
From: chris landman (landman_at_lsls.skls)
Date: 02/08/05
- Next message: Godfrey Nicholson: "IIS Security Lockdown Wizard"
- Previous message: farastray: "Enable internet and file sharing"
- In reply to: Matt Gibson: "Re: SBS Prem on dual homed system HELP"
- Next in thread: Matt Gibson: "Re: SBS Prem on dual homed system HELP"
- Reply: Matt Gibson: "Re: SBS Prem on dual homed system HELP"
Date: Mon, 7 Feb 2005 18:19:56 -0600
Yeah, I opened the 443 port and was not able to connect. I am sure I have
missed something. I need to find a step-by-step setup of this. We have a
PIX and I heard that it can be stopping the traffic. I will have to call
Cisco. Do you know anywhere I can get a good walkthrough of everything I
need to do to get this set up and secure?
--
Chris Landman

"Matt Gibson" <mattg@blueedgetech.ca> wrote in message
news:urEBMPVDFHA.2632@TK2MSFTNGP12.phx.gbl...
> Usually at least.
>
> 25 - SMTP for incoming mail
> 443 - HTTPS for OWA
> 3389 - Terminal Services
>
> I don't have RWW on this server, but that would be port 4125
>
> Matt Gibson - GSEC
>
> "chris landman" <chris landman@lsls.skls> wrote in message
> news:utUO6MVDFHA.3888@TK2MSFTNGP09.phx.gbl...
>> So I need those three ports open?
>>
>> --
>> Chris Landman
>> "Matt Gibson" <mattg@blueedgetech.ca> wrote in message
>> news:%23B5QxGODFHA.3376@TK2MSFTNGP12.phx.gbl...
>>> Your PIX config should look something like this.
>>>
>>> (A lot is cut out, this is the stuff for port forwarding.)
>>>
>>> no fixup protocol smtp 25
>>> access-list acl_out permit tcp any host 204.50.X.X eq 3389
>>> access-list acl_out permit tcp any host 204.50.X.X eq smtp
>>> access-list acl_out permit tcp any host 204.50.X.X eq 443
>>>
>>> Matt Gibson - GSEC
>>>
>>>
>>> "chris landman" <chris landman@lsls.skls> wrote in message
>>> news:OJ3CwxMDFHA.4052@TK2MSFTNGP15.phx.gbl...
>>> I had that port opened, but could not connect. I use a PIX, so it is a
>>> stateful firewall. I wonder if that is stopping it. Is 443 the only
>>> port I need to open?
>>>
>>> --
>>> Chris Landman
>>> "Cris Hanna [SBS-MVP]"
>>> <crisnospamhanna@computingnospampossibilities.net> wrote in message
>>> news:Off79sMDFHA.1564@TK2MSFTNGP09.phx.gbl...
>>> Ideally port 443 so you can run OWA over SSL
>>> http://www.smallbizserver.net/Default.aspx?tabid=83
>>>
>>>
>>> --
>>> Cris Hanna [SBS - MVP]
>>> ---------------------------------------
>>> Please reply only to the newsgroup and not to me directly so that
>>> everyone can benefit from the information
>>> "chris landman" <chris landman@lsls.skls> wrote in message
>>> news:etgaHkMDFHA.3504@TK2MSFTNGP12.phx.gbl...
>>> No, both locations are not SBS. The only thing is that I do not want
>>> SBS to act as a proxy server. I guess I could just use one NIC and let
>>> my PIX do the firewall function. I just wanted an extra layer of
>>> security. If I just use an internal NIC, what do I need to forward
>>> through the firewall to be able to use OWA?
>>>
>>> --
>>> Chris Landman
>>> "Cris Hanna [SBS-MVP]"
>>> <crisnospamhanna@computingnospampossibilities.net> wrote in message
>>> news:uUes7BJDFHA.520@TK2MSFTNGP09.phx.gbl...
>>> Christopher
>>> You should absolutely visit www.smallbizserver.net and check out the
>>> information on configurations there
>>>
>>> ISA is designed to protect the internal network by acting as a firewall
>>> on the external nic. The external facing nic (in your case the one
>>> that would connect to your PIX) must be on a different subnet from your
>>> internal nic
>>>
>>> I'm not sure why you are considering adding another level of complexity to
>>> your setup. You have a hardware firewall protecting each internal
>>> network. You could of course increase the protection by adding ISA.
>>> But you need to do a little studying and you would be making some big
>>> changes to your existing networks on both and you could be looking at
>>> some down time.
>>>
>>> Are both locations SBS ?
>>>
>>> --
>>> Cris Hanna [SBS - MVP]
>>> ---------------------------------------
>>> Please reply only to the newsgroup and not to me directly so that
>>> everyone can benefit from the information
>>> "CHRISTOPHER LANDMAN" <clandman@email.uophx.edu> wrote in message
>>> news:uerpMsIDFHA.2676@TK2MSFTNGP12.phx.gbl...
>>> I am trying to setup a SBS with two nic cards. The IP address scheme
>>> inside the network is 192.168.1.x at the first site and 192.168.5.x at
>>> the second site. We have a VPN that connects the two. Our PIX firewall
>>> handles the VPN. (PIX to PIX) I would like to get an inside and an
>>> outside nic going. I would like to use private IPs for both of them and
>>> forward traffic to the outside nic to handle clients outside the
>>> network. Both sites will use the inside nic for Exchange and DC. Can
>>> you tell me how to set the nic cards on the server and what to use on
>>> the clients? Is there a better way of doing this? I do not want the
>>> external nic to have a public IP address. Could I use an IP address in
>>> the 192.168.1.x subnet (same subnet as my inside nic at site one)? I am
>>> going to set ISA server up once I get this problem taken care
>>> of... although, I do not want my clients to use ISA as a proxy server.
>>> Also, once I install ISA server, what do I need to do to make sure
>>> replication can occur between DCs. Is it possible to only implement ISA
>>> on the outside nic?
>>>
>>>
>>> Thanks,
>>>
>>> --
>>> Chris Landman
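A way to check a saved PIX configuration for the usual reasons a permitted inbound port still does not connect, as an added example that is not part of the original thread: the quoted excerpt shows only the `access-list` lines, so this sketch reports any permit that has no matching `static` translation or whose ACL is not bound with `access-group`. It assumes PIX 6.x syntax for those two commands; the function names, the sample config and the addresses 203.0.113.10 and 192.168.1.2 are constructed placeholders.

```python
import re

# Port keywords a PIX may print instead of numbers (subset needed here).
PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}
ACL = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)")
STATIC_PAT = re.compile(r"^static \(\w+,\w+\) tcp (\S+) (\S+) ")   # per-port forward
STATIC_NAT = re.compile(r"^static \(\w+,\w+\) (\d[\d.]*) ")        # one-to-one NAT
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def port_num(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def audit(config):
    """Return sorted findings for inbound TCP permits that cannot pass traffic."""
    permits, pat, nat, bound = [], set(), set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL.match(line):
            permits.append((m[1], m[2], port_num(m[3])))
        elif m := STATIC_PAT.match(line):
            pat.add((m[1], port_num(m[2])))      # (public IP, public port)
        elif m := STATIC_NAT.match(line):
            nat.add(m[1])                        # public IP, all ports
        elif m := GROUP.match(line):
            bound.add(m[1])
    findings = set()
    for acl, ip, port in permits:
        if acl not in bound:
            findings.add(f"{acl}: not applied to any interface (no access-group)")
        if (ip, port) not in pat and ip not in nat:
            findings.add(f"{ip}:{port} permitted but no static translation")
    return sorted(findings)

# Constructed sample config: the 443 permit has no port forward behind it.
SAMPLE = """
access-list acl_out permit tcp any host 203.0.113.10 eq 3389
access-list acl_out permit tcp any host 203.0.113.10 eq smtp
access-list acl_out permit tcp any host 203.0.113.10 eq 443
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.2 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 3389 192.168.1.2 3389 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```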