Why oh why would you want to open up such insecurity to your Exchange box? As someone previously mentioned, if you must, you should consider something like ISA server or move to Exchange 2003 for RPC over HTTPS. We don't have either of these in place but what we do is utilize a VPN to put outside travelers on the inside network for Outlook access. Since you're running a PIX (you don't say what model) you can use VPN straight to it. You will loose some functionality by doing so (browsing web while connected). We used this option for about two months and ended up putting a VPN concentrator in place. Good functionality for outside users besides just outlook access. Regards, Mike Liddekee Network Engineer Humco Holding Group, Inc. 7400 Alumax Dr. Texarkana, TX 75501 Ph: (903) 831-7808 ext 697 -----Original Message----- From: Bindesh Patel [mailto:Bindesh.Patel@xxxxxxxxxxx] Sent: Tuesday, November 09, 2004 5:58 AM To: [ExchangeList] Subject: [exchangelist] Connectivity through PIX firewall http://www.MSExchange.org/ Hi all, i am trying to implement a new exchnage environment and have some questions regarding connection from outlook clients to exchnage 2000 cluster though a firewall. we have opened up ports 25, 135, and 435 to the exchnage server from clients but what seems to happen is that exchnage picks random ports when connecting to the information store and directory services. We dont want to open the firewall for hundreds of these port numbers( ie 5000, 5421 etc) and was wondering of we could use something like IP Sec to determine connectivity. Has anyone come across this issue? we have tried to assign these staticaly but does not work with exchnage in a clustered environment. any help will be appreciated. many thanks Bindesh Patel. ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: mliddekee@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ********************************************************************** This e-mail, and any attachments, has been checked by us for computer viruses. Although none have been detected we cannot guarantee that it is completely free from such problems and we do not accept any liability for loss or damage that may be caused. We would therefore advise you to carry out your own virus checks before opening any attachments. If you do find a computer virus please inform us immediately by e- mailing administrator@xxxxxxxxxxx so that we may take appropriate action. The contents and attachments are intended solely for the addressee and are confidential. If you are not the intended recipient, any disclosure,copying, distribution or any action taken, or omitted to be taken, in reliance on it, is prohibited and may be unlawful If you have received this message in error, please notify the sender by e-mail immediately, and delete the message from your computer without making any copies. **********************************************************************