Accessing MS Exchange Server on DMZ zone of Cisco Pix 515E as local server
Home > IT Answers > Networking > Accessing MS Exchange Server on DMZ zone of C...
Krish69
0 pts.
0
Q:
Accessing MS Exchange Server on DMZ zone of Cisco Pix 515E as local server
Network security, Firewalls, Intrusion management, Incident response, Forensics, Wireless, VPN
Hi,

We currently have a MS Small Business Server 2000 (of which Exchange Server is a part) configured on the LAN behind a firewall and use POP3 Connector of MS Exchange to retrieve external mails. Our users connect to the MS Exchange Server within the LAN without requiring to connect to the Internet.

The question that I have is, if we put the Server on the DMZ zone of our Cisco Pix 515E firewall and assign a public IP to it to retrieve external mails using SMTP Connector, will it be possible for our users on the LAN to connect to the MS Exchange Server without connecting to the Internet just as before.

Thanks in advance.
ASKED: Jul 15 2005  3:48 AM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
bobkberg
895 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
Yes, it'll just take a modification of your Pix rules.

I don't know the ports used off-hand, but what I'd recommend is that you sniff a typical user connecting to the Exchange server and observe the various ports, and port ranges (watching the random high numbered ports for range limits).

By the way, if you're going to put your own SMTP connector out there, I'd also recommend that you put an SMTP firewall on the machine (Anti-Virus and such), and/or subscribe to a service like Postini - which does an excellent job of filtering out spam.

Have fun,

Bob
Last Answered: Jul 15 2005  10:54 AM GMT by bobkberg   895 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

NetTech21   0 pts.  |   Sep 6 2005  8:03AM GMT

I would strongly suggest not moving your small business server into the DMZ. If you are using all of the software that comes with SBS, you are running a larger risk sticking it into the DMZ.

You can modify the pix configuration so that your internal server is able to pull mail from an outside source.

 
0