• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Internal SMTP/POP clients

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Internal SMTP/POP clients Page: [1]
Login
Message << Older Topic   Newer Topic >>
Internal SMTP/POP clients - 12.Jan.2007 12:48:58 PM   
paul_psmith

 

Posts: 79
Joined: 2.Nov.2006
Status: offline
I have ISA arrays with DMZ and Internal interfaces. I have followed all the instrauctions for setting them up and I am able to get my OWA clients, both internal and external to work using OWA publishing rules. the Internal users hit the internal interface and "bounce" off ISA to the Ex FE server that is internal (all internal on 10.x.x.x subnets). External goes through the ISA server from the DMZ interface (192.168.x.x) to the internal interface.
 
I can't get this to work for SMTP or POP users internally. Is there any hints for this, or has anyone else done this?
 
Alternatively, is there any way to make the internal users go through the DMZ to access these services. I know ISA does not like to have internal clients coming from the DMZ, because it does not expect those packets to come from that direction, so it drops them as spoofed.
 
Thanks
Post #: 1
RE: Internal SMTP/POP clients - 18.Jan.2007 10:33:48 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
There is no external interface? This would indicate that the ISA Firewall doesn't have any default gateways configured on it and is being used as a strictly LAN perimeter network firewall that doesn't receive or forward any Internet bound connections.

Is that right?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paul_psmith)
Post #: 2
RE: Internal SMTP/POP clients - 18.Jan.2007 10:43:13 AM   
paul_psmith

 

Posts: 79
Joined: 2.Nov.2006
Status: offline
No. It has a DMZ interface. I just want to mkae internal pop/smtp clients hit the internal interface of the ISA server for this access. Since ISA won;t allow me to have the internal clients go through the DMZ interface, since it does not expect internal connections to come to the DMZ interface and will drop them.

This way all my Exchange communications go through ISA and I don't have any connecitons like this directly to the Exchange FE servers. I can then use something like IPSec or another firewall to only enable access to the EX FE servers on 25 and 110 from the ISA servers. More security.

As it stands I will need to allow all 25 and 110 to access the Ex FE servers. I was hoping to stop this.

Thanks

PS

(in reply to tshinder)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Internal SMTP/POP clients Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts