PIX 506, 1750 Router and MS Exchange Configuration

bubarooni

Technical User
May 13, 2001
506
US
Any ideas on configuring a PIX 506 for MS Exchange 5.5 would be greatly appreciated. The Exchange server works fine using the MS Mail connector for LAN delivery of mail but I now need to be able to use the Internet Mail connector. I have read several Cisco docs on the subject but none seem palatable as I don't have the budget for another server to implement the inside/outside server as I saw recommended in one Cisco doc. Is there a way to open the Exchange server to Internet Mail and HTTP for the Outlook Web Access? I have a 1750 router sitting between the PIX 506 and the Exchange Server. Thanks in advance for any info.
 
Hi!

The configuration is easy once you know what you want to do.
If your server is in the "inside" network, and you want to get email directly from the Internet you should:
1) Create a STATIC mapping with an outside registered IP mapped to your internal server private IP.
2) Create a CONDUIT or ACCESS-LIST & ACCESS-GROUP to open TCP port 25 for inbound email traffic. (Outbound traffic is open by default if you haven't changed that).
3) Contact your ISP to change the MX record of your domain name in DNS to represent the correct IP.

You may try my free configuration program for PIX as an aid:

For Outlook Web Access, it is also easy: simply open port 80.
However, it is not recommended to open it since it will expose your server to many attacks like the CODE-RED, NIMDA and others.
If you must use OWA from the Internet, think about these tips:
* Change the port from 80 to something else. This will lower the risk from some attacks.
* You must install SP6a and the latest SRP from MS (and future patches).
* It is better to implement a public OWA on a different dedicated IIS server and not on your sensitive Exchange server. (If the IIS server crashes, Exchange is still working and servicing clients and email transfer).
* Consider limiting access to OWA using VPN technology (PPTP or IPSec), and/or authentication, access-list by IP address/range and so on, as appropriate to allow legitimate clients, but make it harder for malicious users/programs.

Bye

Yizhar



Yizhar Hurwitz
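
The steps in the post above, shown as an added example that is not part of the original post or the poster's own tool: a constructed PIX 6.x-style config (static mapping, access-list, access-group) and a small Python audit that lists which TCP ports it exposes on the outside interface and flags anything other than SMTP that is open to any source. The addresses, the ACL name `acl_out`, and the `audit` function are assumptions made for illustration.

```python
import re

# Constructed PIX 6.x-style config; addresses are documentation ranges, not from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.0.0.5 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host 192.0.2.10 eq smtp
access-list acl_out permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq www
access-list acl_out permit tcp any host 192.0.2.10 eq 8080
access-group acl_out in interface outside
"""

PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) permit tcp (any|host \S+|\S+ \S+) host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)")


def audit(config, allowed_from_any=(25,)):
    """Return (exposures, findings) for ACLs bound inbound on the outside interface."""
    statics, acls, bound = {}, [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            if m.group(2) == "outside":  # static (real_if,mapped_if) mapped_ip real_ip
                statics[m.group(3)] = m.group(4)  # public IP -> private IP
        elif m := ACL_RE.match(line):
            port = PORT_NAMES.get(m.group(4)) or int(m.group(4))
            acls.append((m.group(1), m.group(2), m.group(3), port))
        elif m := GROUP_RE.match(line):
            if m.group(2) == "outside":
                bound.add(m.group(1))
    exposures, findings = [], []
    for name, src, dst, port in acls:
        if name not in bound or dst not in statics:
            continue  # rule is not applied, or no static maps this address inside
        exposures.append((dst, statics[dst], port, src))
        if src == "any" and port not in allowed_from_any:
            findings.append(f"tcp/{port} on {dst} -> {statics[dst]} is open to any source")
    return exposures, findings


if __name__ == "__main__":
    exposures, findings = audit(SAMPLE_CONFIG)
    for e in exposures:
        print("exposed:", e)
    for f in findings:
        print("FINDING:", f)
```

In the sample, SMTP from any source and port 80 from one source range pass, while the relocated web port is still reported because it is reachable from any address.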
 
That sounds pretty straightforward. I have done similar stuff for setting up VPNs and Citrix access to other servers. Thanks for the advice. In about two weeks I have to change Frame Relay providers and that looks pretty complicated so I may be asking you some more questions then, especially about DLCIs. They are keeping me awake at nights...
 