Should the OWA & ActiveSync Client Access Server be installed in the DMZ or can the internal CAS be safely accessed directly
We have a small domain and not a lot of money. Should we pay the extra money to buy a Client Access Server to put in the DMZ to allow users to access OWA externally and PDA uses to connect to their mailboxes? If so, are there online instructions somewhere detailing this process of setting up such a server in the DMZ?
Or is it possible using SSL and a certificate to safely protect our Exchange server while still having the internal CAS accessed directly from the internet? By the way, our Client Access Server has other roles beyond CAS.
Software/Hardware used:
Software/Hardware used:
ASKED:
March 25, 2009 12:01 AM
UPDATED:
March 25, 2009 2:26 PM
RELATED QUESTIONS
- Safe@office, Securemote issues
- Is there a way to limit access to the OWA in 2007 or 2010 so that the users will have access inside the LAN and still not have access from the DMZ?
- Domain Rename + Update SP2 for Exchange 2007 (CAS update error 2147024891)
- Help with Exchange 2003 SMTP virtual servers, connectors, and TLS security.
- Microsoft Small Business Server and FTP
Answer Wiki:
As long as you put a certificate on your CAS you can allow access from the internet safely without having to put it in the DMZ. That is the exact configuration our CAS is set up with. Here is an excellent article on <a href="http://blog.aaronmarks.com/?p=40">SSL and Exchange 2007</a>. We have three CAS/Hub combo servers all with ssl certs and none are in the DMZ.
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
