Re: SBS Prem on dual homed system HELP

From: chris landman (landman_at_lsls.skls)
Date: 02/09/05


Date: Tue, 8 Feb 2005 19:56:21 -0600

I got it, Matt. I called Cisco and it was something that they sent me and
fat-fingered. I am in now. I was thinking of not putting an external DNS
name with it and only using the IP address. It seems like that would be
more secure because of not having a friendly name. What do you think?

I did have my ISP forward a DNS name. Our local domain is abc.com and our
email domain is abcde.org. We have both of them registered. (The abc.com
was here before I started or I would have made it a .local.) Our server's name
is server. In the connection wizard of SBS, I gave it the FQDN of
server.secure.abcde.org. I had my ISP forward secure.abcde.org to our public
IP address. I think that should work, because it forwards that address to
this IP address. Should I have forwarded the full name, including the
server name?

-- 
Chris Landman
"Matt Gibson" <mattg@blueedgetech.ca> wrote in message 
news:eYsmCuaDFHA.3256@tk2msftngp13.phx.gbl...
> Post your PIX config (Make sure to delete the lines dealing with 
> passwords, even if they're encrypted) and we'll see what we can do.
>
> Matt Gibson - GSEC
>
> "chris landman" <chris landman@lsls.skls> wrote in message 
> news:eSejiPXDFHA.3888@TK2MSFTNGP09.phx.gbl...
>> Yeah, I opened the 443 port and was not able to connect.  I am sure I have 
>> missed something.  I need to find a step-by-step setup of this.  We have 
>> a PIX and I heard that it can be stopping the traffic.  I will have to 
>> call Cisco.  Do you know anywhere I can get a good walkthrough of 
>> everything I need to do to get this set up and secure?
>>
>> -- 
>> Chris Landman
>> "Matt Gibson" <mattg@blueedgetech.ca> wrote in message 
>> news:urEBMPVDFHA.2632@TK2MSFTNGP12.phx.gbl...
>>> Usually at least.
>>>
>>> 25 - SMTP for incoming mail
>>> 443 - HTTPS for OWA
>>> 3389 - Terminal Services
>>>
>>> I don't have RWW on this server, but that would be port 4125
>>>
>>> Matt Gibson - GSEC
>>>
>>> "chris landman" <chris landman@lsls.skls> wrote in message 
>>> news:utUO6MVDFHA.3888@TK2MSFTNGP09.phx.gbl...
>>>> So I need those three ports open?
>>>>
>>>> -- 
>>>> Chris Landman
>>>> "Matt Gibson" <mattg@blueedgetech.ca> wrote in message 
>>>> news:%23B5QxGODFHA.3376@TK2MSFTNGP12.phx.gbl...
>>>>> Your PIX config should look something like this.
>>>>>
>>>>> (A lot is cut out, this is the stuff for port forwarding.
>>>>>
>>>>> no fixup protocol smtp 25
>>>>> access-list acl_out permit tcp any host 204.50.X.X eq 3389
>>>>> access-list acl_out permit tcp any host 204.50.X.X eq smtp
>>>>> access-list acl_out permit tcp any host 204.50.X.X eq 443
>>>>>
>>>>> Matt Gibson - GSEC
>>>>>
>>>>>
>>>>> "chris landman" <chris landman@lsls.skls> wrote in message 
>>>>> news:OJ3CwxMDFHA.4052@TK2MSFTNGP15.phx.gbl...
>>>>> I had that port opened, but could not connect.  I use a PIX, so it is 
>>>>> a stateful firewall.  I wonder if that is stopping it.  Is 443 the 
>>>>> only port I need to open?
>>>>>
>>>>> -- 
>>>>> Chris Landman
>>>>> "Cris Hanna [SBS-MVP]" 
>>>>> <crisnospamhanna@computingnospampossibilities.net> wrote in message 
>>>>> news:Off79sMDFHA.1564@TK2MSFTNGP09.phx.gbl...
>>>>> Ideally port 443, so you can run OWA over SSL.
>>>>> http://www.smallbizserver.net/Default.aspx?tabid=83
>>>>>
>>>>>
>>>>> -- 
>>>>> Cris Hanna [SBS - MVP]
>>>>> ---------------------------------------
>>>>> Please reply only to the newsgroup and not to me directly so that 
>>>>> everyone can benefit from the information
>>>>> "chris landman" <chris landman@lsls.skls> wrote in message 
>>>>> news:etgaHkMDFHA.3504@TK2MSFTNGP12.phx.gbl...
>>>>> No, both locations are not SBS.  The only thing is that I do not want 
>>>>> SBS to act as a proxy server.  I guess I could just use one NIC and 
>>>>> let my PIX do the firewall function.  I just wanted an extra layer of 
>>>>> security. If I just use an internal NIC, what do I need to forward 
>>>>> through the firewall to be able to use OWA?
>>>>>
>>>>> -- 
>>>>> Chris Landman
>>>>> "Cris Hanna [SBS-MVP]" 
>>>>> <crisnospamhanna@computingnospampossibilities.net> wrote in message 
>>>>> news:uUes7BJDFHA.520@TK2MSFTNGP09.phx.gbl...
>>>>> Christopher
>>>>> You should absolutely visit www.smallbizserver.net and check out the 
>>>>> information on configurations there
>>>>>
>>>>> ISA is designed to protect the internal network by acting as a 
>>>>> firewall on the external NIC.   The external-facing NIC (in your case 
>>>>> the one that would connect to your PIX) must be on a different subnet 
>>>>> from your internal NIC.
>>>>>
>>>>> I'm not sure why you are considering adding another level of complexity to 
>>>>> your setup.  You have a hardware firewall protecting each internal 
>>>>> network.  You could of course increase the protection by adding ISA, 
>>>>> but you need to do a little studying, you would be making some big 
>>>>> changes to your existing networks on both, and you could be looking at 
>>>>> some down time.
>>>>>
>>>>> Are both locations SBS ?
>>>>>
>>>>> -- 
>>>>> Cris Hanna [SBS - MVP]
>>>>> ---------------------------------------
>>>>> Please reply only to the newsgroup and not to me directly so that 
>>>>> everyone can benefit from the information
>>>>> "CHRISTOPHER LANDMAN" <clandman@email.uophx.edu> wrote in message 
>>>>> news:uerpMsIDFHA.2676@TK2MSFTNGP12.phx.gbl...
>>>>> I am trying to set up an SBS with two NIC cards.  The IP address scheme 
>>>>> inside the network is 192.168.1.x at the first site and 192.168.5.x at 
>>>>> the second site.  We have a VPN that connects the two.  Our PIX 
>>>>> firewall handles the VPN (PIX to PIX).  I would like to get an inside 
>>>>> and an outside NIC going.  I would like to use private IPs for both of 
>>>>> them and forward traffic to the outside NIC to handle clients outside 
>>>>> the network. Both sites will use the inside NIC for Exchange and DC. 
>>>>> Can you tell me how to set the NIC cards on the server and what to use 
>>>>> on the clients? Is there a better way of doing this?  I do not want 
>>>>> the external NIC to have a public IP address. Could I use an IP 
>>>>> address in the 192.168.1.x subnet (same subnet as my inside NIC at 
>>>>> site one)? I am going to set ISA server up once I get this problem 
>>>>> taken care of, although I do not want my clients to use ISA as a 
>>>>> proxy server. Also, once I install ISA server, what do I need to do to 
>>>>> make sure replication can occur between DCs.  Is it possible to only 
>>>>> implement ISA on the outside NIC?
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -- 
>>>>> Chris Landman
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> 
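An added example, not posted by anyone in this thread: a small Python checker that parses a PIX 6.x configuration fragment in the shape Matt posted and reports the two things that most often explain "I opened the port but still cannot connect" (an access-list permit with no matching static translation, or an ACL that is never applied inbound on the outside interface), and separately flags 3389 permitted from any source. The embedded configuration is constructed for this example; the 203.0.113.10 public address, the 192.168.1.10 server address, the static translation lines and the access-group line are my assumptions about the parts Matt said were cut out, not a copy of anyone's real config.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed PIX 6.x fragment modelled on the thread's snippet. The static for
# 3389 is deliberately missing and RDP is open to "any", so the audit has
# something to find. Addresses are documentation/RFC1918 values (assumptions).
SAMPLE_PIX_CONFIG = """\
no fixup protocol smtp 25
access-list acl_out permit tcp any host 203.0.113.10 eq 3389
access-list acl_out permit tcp any host 203.0.113.10 eq smtp
access-list acl_out permit tcp any host 203.0.113.10 eq 443
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 443 192.168.1.10 443 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
"""

# Same fragment with the 3389 static added and RDP limited to one admin address.
HARDENED_PIX_CONFIG = SAMPLE_PIX_CONFIG.replace(
    "permit tcp any host 203.0.113.10 eq 3389",
    "permit tcp host 198.51.100.5 host 203.0.113.10 eq 3389",
) + "static (inside,outside) tcp 203.0.113.10 3389 192.168.1.10 3389 netmask 255.255.255.255 0 0\n"

# Ports the thread says an SBS box needs: SMTP in, OWA over SSL, Terminal Services.
REQUIRED_PORTS = {25: "SMTP", 443: "HTTPS/OWA", 3389: "Terminal Services"}

PORT_NAMES = {"smtp": 25, "www": 80, "http": 80, "https": 443, "domain": 53,
              "ftp": 21, "ssh": 22, "telnet": 23, "pop3": 110, "imap4": 143}


def port_number(token: str) -> int:
    """Resolve a PIX port token ('smtp' or '443') to an integer."""
    return int(token) if token.isdigit() else PORT_NAMES[token.lower()]


@dataclass
class Permit:
    acl: str
    source: str   # 'any', 'host a.b.c.d', or 'net mask'
    dest: str
    port: int


@dataclass
class Static:
    public_ip: str
    public_port: int
    private_ip: str
    private_port: int


@dataclass
class PixConfig:
    permits: List[Permit] = field(default_factory=list)
    statics: List[Static] = field(default_factory=list)
    access_groups: Dict[str, str] = field(default_factory=dict)  # acl -> interface
    smtp_fixup_disabled: bool = False


PERMIT_RE = re.compile(r"^access-list (\S+) permit tcp (any|host \S+|\S+ \S+) host (\S+) eq (\S+)$")
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) (\S+) netmask \S+")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def parse_pix(text: str) -> PixConfig:
    """Pull the port-forwarding relevant lines out of a PIX 6.x config."""
    cfg = PixConfig()
    for raw in text.splitlines():
        line = raw.strip()
        if line == "no fixup protocol smtp 25":
            cfg.smtp_fixup_disabled = True
            continue
        if (m := PERMIT_RE.match(line)):
            acl, src, dst, port = m.groups()
            cfg.permits.append(Permit(acl, src, dst, port_number(port)))
        elif (m := STATIC_RE.match(line)):
            _, _, pub_ip, pub_port, priv_ip, priv_port = m.groups()
            cfg.statics.append(Static(pub_ip, port_number(pub_port), priv_ip, port_number(priv_port)))
        elif (m := GROUP_RE.match(line)):
            cfg.access_groups[m.group(1)] = m.group(2)
    return cfg


def audit(cfg: PixConfig, public_ip: str, required: Dict[int, str], outside_if: str = "outside") -> List[str]:
    """Return human-readable findings; an empty list means the forwarding looks complete."""
    findings: List[str] = []
    for port, label in required.items():
        permits = [p for p in cfg.permits if p.dest == public_ip and p.port == port]
        if not permits:
            findings.append(f"{label} ({port}): no access-list permit to {public_ip}")
        elif any(cfg.access_groups.get(p.acl) != outside_if for p in permits):
            findings.append(f"{label} ({port}): permitting ACL is not applied inbound on {outside_if}")
        # A permit without a static translation is the classic "port is open but nothing answers".
        if not any(s.public_ip == public_ip and s.public_port == port for s in cfg.statics):
            findings.append(f"{label} ({port}): permitted but no static translation, inbound connections are dropped")
    if any(p.port == 3389 and p.source == "any" for p in cfg.permits):
        findings.append("Terminal Services (3389): permitted from any source; restrict the source or reach it over the VPN")
    if 25 in required and not cfg.smtp_fixup_disabled:
        findings.append("SMTP (25): fixup protocol smtp is still enabled; it filters ESMTP commands and can break Exchange")
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_PIX_CONFIG), ("hardened", HARDENED_PIX_CONFIG)):
        print(f"== {name} ==")
        for f in audit(parse_pix(text), "203.0.113.10", REQUIRED_PORTS) or ["no findings"]:
            print(" -", f)
```

Run against the sample, it reports that 3389 is permitted but has no static and that it is open to any source; the hardened variant comes back clean. To use it on a real box, paste the output of `show run` (minus passwords, as Matt says) into the string and set the public address to the one on the outside interface.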

