FrontEnd/BackEnd Servers through DMZ - Need Help

[techbird]

I have installed a Front-End and a Back-End Exchange 2003 Mail Server. Everything works fine without a DMZ in the picture. I paid a consultant to configure a DMZ through our PIX 515E. With the Front-End Server in the DMZ - it works no longer. The consultant says they have all the necessary ports are open and there is a Microsoft problem. If I return the configuration to the original and omit the DMZ, everything works fine again. Can anyone suggest what the problem might be. The OS is Windows Server 2003.

Thanks
Emmons

 

[Micron1090]

Looks kinda fishy to me, but you can try to test the firewall by telneting from the front end box to the backend box on the appropriate ports to see if the dmz is correctly setup.

Might want to think about using nat instead of a dmz, i've done that in the past and it's very easy to setup, especially on a pix.

if you have to go with a dmz, then have the consultant turn logging on, you should see what get's rejected in the logs.

 

[FromTheHip]

We wanted to do the same thing where I work, but couldn't because our DMZ wasn't a part of the same forest as the domain where the backend servers would be. I don't know if that is the issue, but something you might look into.