• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange Server MAPI access in DMZ

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Exchange Server MAPI access in DMZ Page: [1]
Message << Older Topic   Newer Topic >>
Exchange Server MAPI access in DMZ - 5.Oct.2011 11:13:11 PM   


Posts: 1
Joined: 5.Oct.2011
Status: offline
We are running an ISA 2006 Array within a DMZ that presents AD Domain Controllers and Exchange 2003 servers to clients once they access the DMZ via VPN. Exchange is not published to the Internet, only to the DMZ that isolates VPN traffice to an isolated enclave. All necessary services and resources are presented within the DMZ.

Using a Mail server publishing created by the rule wizard, and the default Exchange RPC rule, our clients have been successfully using Outlook in the VPN tunnel with no issue, even when we implemented smartcard authentication and migrated clients to Outlook 2007. The rule is configured using the ISA Server IP to route traffic to the Exchange server instead of the original client IP. With Xp we have never had an issue.

We have begun working with Windows 7 and have found that Windows 7 with Outlook 2007 cannot access Exchange using MAPI via the ISA after VPN using the rules that have been working in XP for years.

I believe we need to change the rule to use the client IP instead of the ISA IP and route return traffic to the ISA Array IP on the routed interface to prevent the Kerberos and RPC traffic from being rewritten. I have been able to get Outlook to connect intermittently on my test system by modifying the rule whenever there is an IP denied in the log, however I believe the issue may be the change in dynamic rules, and potentially the inability of ISA 2006 on W2K3 and the Exchange RPC rule to properly coordinate the dynamic ports for Exchange with the Windows 7 client.

I am looking for clarification on any ideas someone may have to get the ports defined to get Windows 7 working with Outlook 2007 and Exchange while supporting XP during our client migration.

Any ideas are appreciated.


Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Exchange Server MAPI access in DMZ Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts