 Accessing MS Exchange Server on DMZ zone of Cisco Pix 515E as local server
Hi, we currently have an MS Small Business Server 2000 (of which Exchange Server is a part) configured on the LAN behind a firewall and use the POP3 Connector of MS Exchange to retrieve external mail. Our users connect to the MS Exchange Server within the LAN without needing to connect to the Internet. The question that I have is: if we put the server in the DMZ zone of our Cisco Pix 515E firewall and assign a public IP to it to retrieve external mail using the SMTP Connector, will it be possible for our users on the LAN to connect to the MS Exchange Server without connecting to the Internet, just as before? Thanks in advance.

ASKED: July 15, 2005  3:48 AM
UPDATED: September 6, 2005  8:03 AM

Answer Wiki:
Yes, it'll just take a modification of your Pix rules. I don't know the ports used off-hand, but what I'd recommend is that you sniff a typical user connecting to the Exchange server and observe the various ports and port ranges (watching the random high numbered ports for range limits).

By the way, if you're going to put your own SMTP connector out there, I'd also recommend that you put an SMTP firewall on the machine (Anti-Virus and such), and/or subscribe to a service like Postini - which does an excellent job of filtering out spam.

Have fun,
Bob
Last Wiki Answer Submitted:  July 15, 2005  10:54 am  by  Bobkberg   1,070 pts.
All Answer Wiki Contributors:  Bobkberg   1,070 pts.
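The port survey suggested in the answer above, as an added example that is not part of the original thread: it reads `tcpdump -nn` text output and lists the server ports that clients open connections to, with the observed span of high-numbered ports. The capture lines, IP addresses and port numbers are constructed for illustration, and `summarize_server_ports` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn` text output; addresses and ports are
# illustrative only and do not come from the original post.
SAMPLE_CAPTURE = """\
10:15:01.000101 IP 192.168.1.20.1042 > 192.168.1.10.135: Flags [S], seq 100, win 64240, length 0
10:15:01.000350 IP 192.168.1.10.135 > 192.168.1.20.1042: Flags [S.], seq 900, ack 101, win 64240, length 0
10:15:01.004200 IP 192.168.1.20.1043 > 192.168.1.10.1187: Flags [S], seq 200, win 64240, length 0
10:15:01.120000 IP 192.168.1.20.1043 > 192.168.1.10.1187: Flags [P.], seq 201:329, ack 1, win 64240, length 128
10:15:02.310000 IP 192.168.1.20.1044 > 192.168.1.10.1225: Flags [S], seq 300, win 64240, length 0
10:15:09.000000 IP 192.168.1.21.1050 > 192.168.1.10.135: Flags [S], seq 400, win 64240, length 0
10:15:09.500000 IP 192.168.1.21.1051 > 192.168.1.10.1190: Flags [S], seq 500, win 64240, length 0
10:15:12.000000 IP 192.168.1.10.3021 > 192.168.1.1.53: Flags [S], seq 600, win 64240, length 0
"""

LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def summarize_server_ports(capture_text, server_ip):
    """Count client-initiated TCP connections (SYN without ACK) per server port."""
    hits = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dst"] != server_ip:
            continue  # not a TCP line, or traffic not addressed to the server
        # "S" alone opens a connection; "S." is a SYN-ACK reply and is skipped.
        if m["flags"] == "S":
            hits[int(m["dport"])] += 1
    fixed = sorted(p for p in hits if p < 1024)
    high = sorted(p for p in hits if p >= 1024)
    high_range = (high[0], high[-1]) if high else None
    return {"fixed": fixed, "high_range": high_range, "counts": dict(hits)}

if __name__ == "__main__":
    result = summarize_server_ports(SAMPLE_CAPTURE, "192.168.1.10")
    print("fixed ports:", result["fixed"])
    print("observed high-port range:", result["high_range"])
```

The high-port span only covers what was seen during the capture, so a longer capture across several users gives a more reliable range before it is turned into firewall rules.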


Discuss This Question:
I would strongly suggest not moving your small business server into the DMZ. If you are using all of the software that comes with SBS, you are running a larger risk sticking it into the DMZ.

You can modify the pix configuration so that your internal server is able to pull mail from an outside source.
