BE/FE exchange Via ISA (Full Version)

All Forums >> [ISA Server 2000 General] >> Server Publishing


jinkostas -> BE/FE exchange Via ISA (8.Feb.2002 5:46:00 PM)

Hello everybody....Tell me plz if this is possible

Here is my question

I have the following network

ISA Server --->Real Ip ---->Fake Ip
and i publish the QWA on ISA Server from a server that has the followin IP and it is the FrontEnd Exchange server

Both Servers are on the same Domain and both are Windows 2000 Server...

Now i Setup an other isa server that is is gonna be between the FE and the BE exchange

2nd Isa Server
IP 1#
IP 2#

Back End Exchange ip with gateway

The Second isa server and the Backend Exchange server are also Windows 2000 Server BUT
the log on ON A DIFFERENT domain

I dont have a great knowledge about Exchange Server and i read here on that i have to use a VPN connection ( probably vpn dial-up etc..) but i think that the FE and the BE must be on the Same AD.. isnt that right???

Thanks in advance

I am very comfused

ConsoleH -> RE: BE/FE exchange Via ISA (8.Feb.2002 8:30:00 PM)


I know what you are trying to do, An yes in order for FE/BE topology to work both server must be on the same domain.
What You are really trying to do is to Create Microsoft's Exchange 200 server Front-End and Back-End Topology where you have an inner firewall then a Front end exchange server and then an outter firewall then a back end exchange.
For more info go to

I know this because I was persuing this topology too, but After a lot of problems I desided to use a diferrent approch. The topology you are trying to do really doesn't work well in the production environment. I suggest that you do what i did and put both FE and BE exchange server behind the ISA server and then Publish then FE exchange server.
But if you really want to try to do the FE/BE topology here are a few articles by Tom that helped me:

Read this one on how to create your DMZ by Tom the man
ISA Server DMZ Scenarios

Then read this one to see how to configure Publishing Exchange 2000 Outlook Web Access with ISA Server .htm

Read this one to allow the Front End Exchange server to communicate with your internal network
I think this is what you were looking for since what you are really tring to achive is to allow the Front End Exchange Server be part of the internal domain and to be able to acces your internal Active directory and Global catalog event though it is in front of the Firewall or ISA
Allowing Intradomain Communications Through an ISA Server

[ February 08, 2002, 08:37 PM: Message edited by: ConsoleH ]

jinkostas -> RE: BE/FE exchange Via ISA (11.Feb.2002 9:15:00 AM)

Thanks for the reply...

But i read all the time about "the best way is to make a connection between FE/BE is with vpn"

What network topology u have to make to make the vpn work???

i dont know probably Dr. Thomas W. Shinder will give as a detailed answer...

because if you have an ISA Server with real IP and publish the OWA on the FE exchange it is ok... i van understand it but the connection between a FE/BE when the ISA server is on the way and they are in a different Domain... how the VPN will help.. when the vpn call that you make has usernem/password from the other domain and the BE is on a differnet domain than the FE

Sorry if i confused but believe me i am to....

Page: [1]