Exchange in DMZ with OWA

[ianbla]

At the moment I have my exchange server sitting internally, my boss would like the consultants to be able to access their e-mail from any browser using OWA (airport, client site, etc...)

Does anybody have a best practice for this. I do have a DMZ on myt PIX515 but how would the Exchange server talk with the Active Directory if it was in the DMZ?

If it sat in the DMZ in it's own domain would internall users need to log on twice to get to their mail?

Could I have a trust relationship through the firewall to the DMZ?

I am sorry for the questions but I am getting ahssled for answers from the bosses.

Many thanks for your help.
Ian.

 

[Javamahn]

There is a great document put out by Microsoft on setting up OWA with and without a firewall. you can find it at

http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc

 

[yizhar]

HI.

It can be done, but I recommend a different and more secure approach that will not expose your Exchange server and data to the world.

Setup a new dedicated mail server that has web access in the DMZ. This can be an Exchange server, a unix box, a Windows/Netware box with novell's mail server (see

http://www.myrealbox.com)

or one of many other choices.

Keep your Exchange server indise without moving it.
Create rules on the Exchange server to forward all mails destined to these consultants to the other server.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar