
Welcome to ISAserver.org

Exchange 2000/back to back ISA

Exchange 2000/back to back ISA - 6.Jul.2001 4:23:00 PM   
Yves

 

Posts: 32
Joined: 27.Feb.2001
From: Belgium
Status: offline
Hope someone can help me

I've got a back to back ISA configuration with a webserver in the DMZ. Everything is ok for that.

The problem is I do not know how to configure ISA or which ISA server to publish my Exchange server placed in the internal network.

I published it with the internal ISA, configured to open in/out SMTP on both internal/external ISA servers, but my mails do not get in/out.

Thanks for your help

Post #: 1
RE: Exchange 2000/back to back ISA - 7.Jul.2001 8:51:00 PM   
erocanas

 

Posts: 12
Joined: 13.Jun.2001
From: ny,ny,usa
Status: offline
I had back to back firewalls (only internal was ISA) and published HTTP and SMTP on internal server. Then I published the external NIC of the internal firewall on the external firewall. This works.

I changed the configuration, though, and put a front-end E2k server/SMTP connector in the perimeter network. Just need to publish those on the external firewall, and publish appropriate ports (SMTP, HTTP, LDAP, Netlogon, RPC, Kerberos, DNS, etc.) on the internal firewall.

I have read some opinions here (including from Tom Shinder) about using VPN from the perimeter servers into the private network, so you don't need to publish all those ports. I did this (there are some issues with getting the Exchange and Netlogon services running, even if you make them dependent on the RRAS service), and it does work.

HOWEVER, I don't have much faith in the security of this method. In effect, the VPN bypasses the internal firewall. So if compromised, the perimeter server would be a quick gateway into the private network.

Also, I think it is less stable, and more of an administrative nightmare.


quote:
Originally posted by Yves:
Hope someone can help me

I've got a back to back ISA configuration with a webserver in the DMZ. Everything is ok for that.

The problem is I do not know how to configure ISA or which ISA server to publish my Exchange server placed in the internal network.

I published it with the internal ISA, configured to open in/out SMTP on both internal/external ISA servers, but my mails do not get in/out.

Thanks for your help



(in reply to Yves)
Post #: 2
