• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Ports needed for FW Clients accessing Exchange

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Ports needed for FW Clients accessing Exchange Page: [1]
Login
Message << Older Topic   Newer Topic >>
Ports needed for FW Clients accessing Exchange - 10.Dec.2002 11:21:00 PM   
jimmyweston

 

Posts: 11
Joined: 10.Dec.2002
Status: offline 		Hi there,

We have firewall clients who need to access an Exchange server over the internet off-site in a different company that is being published using the Exchange RPC filter. They are obviously using Outlook as a MAPI client and not OWA.

I got it to work but the problem I'm having is that the only way to get their access to work is to give then All IP Traffic rights which I know is overkill for this. I tried just opening port 135 (RPC) for them and giving them access to that, but they couldn't access the Exchange Server that way, maybe because of the secondary connections needed.

Any ideas what Protocol Definition I can create which allow them just to access Exchange Server and nothing else?

Many thanks.
Post #: 1
RE: Ports needed for FW Clients accessing Exchange - 11.Dec.2002 7:27:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Jimmy,

check out my article on RPC publishing over at www.isaserver.org/shinder and the section in the ISA Server and Beyond book on this issue. I'll have even more info on this subject in a few days.

HTH,
Tom

(in reply to jimmyweston)
Post #: 2
RE: Ports needed for FW Clients accessing Exchange - 11.Dec.2002 11:00:00 PM   
jimmyweston

 

Posts: 11
Joined: 10.Dec.2002
Status: offline 		Hi Tom,

Thanks for your reply. I remember reading this article as soon as it came out and it was very interesting and useful.

Having re-read it just now, it seems that the problem I am facing is in the fact that the Exchange Server dynamically assigns a port for the session, and by definition "All IP Traffic" is required because one can't predict the ports that will be negotiated for each session.

Is there a way around this?

Thanks!

(in reply to jimmyweston)
Post #: 3
RE: Ports needed for FW Clients accessing Exchange - 12.Dec.2002 4:01:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Jimmy,

I can get it to work fine for the firewall clients by using the Protocol Rule I described in the article. Check that out and I think you're find it works great. I did for me [Big Grin]

HTH,
Tom

(in reply to jimmyweston)
Post #: 4
RE: Ports needed for FW Clients accessing Exchange - 12.Dec.2002 10:03:00 PM   
jimmyweston

 

Posts: 11
Joined: 10.Dec.2002
Status: offline 		Thanks again Tom!

I have found the exact reference in your article and I will be trying out the protocol definition in the way you suggest.

Thanks so much for your help.
Jimmy

(in reply to jimmyweston)
Post #: 5
RE: Ports needed for FW Clients accessing Exchange - 13.Dec.2002 6:01:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Jimmy,

No problem! Let us know how it works for you.

Thanks!
Tom

(in reply to jimmyweston)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Ports needed for FW Clients accessing Exchange Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts