RE: Connectivity through PIX firewall

• From: "Mike Liddekee" <mliddekee@xxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Tue, 9 Nov 2004 15:41:12 -0600

if you do the vpn to the pix, your outside user won't be able to surf
the web from their remote connection.  this causes issues with user's
trying to click hyperlinks in emails.  any internal stuff should still
work fine though.  it's a "feature" of the pix that it won't allow
traffic to go out the same interface it comes in on.  
 
 
  _____  

From: Fernando Cruchaga [mailto:FCruchaga@xxxxxxx] 
Sent: Tuesday, November 09, 2004 2:20 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Connectivity through PIX firewall


http://www.MSExchange.org/

If you setup the VPN Correctly you won't loose any functionality
 
Fernando Cruchaga
QEP
Corporate Network Manager
1081 Holland Drive 
Boca Raton, FL 33487
561-994-5550
  _____  

From: Mike Liddekee [mailto:mliddekee@xxxxxxxxx] 
Sent: Tuesday, November 09, 2004 9:41 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Connectivity through PIX firewall
 
http://www.MSExchange.org/
Why oh why would you want to open up such insecurity to your Exchange
box?  As someone previously mentioned, if you must, you should consider
something like ISA server or move to Exchange 2003 for RPC over HTTPS.
We don't have either of these in place but what we do is utilize a VPN
to put outside travelers on the inside network for Outlook access.
Since you're running a PIX (you don't say what model) you can use VPN
straight to it.  You will loose some functionality by doing so (browsing
web while connected).  We used this option for about two months and
ended up putting a VPN concentrator in place.  Good functionality for
outside users besides just outlook access.
 
 
Regards,
Mike Liddekee
Network Engineer
 
Humco Holding Group, Inc.
7400 Alumax Dr. 
Texarkana, TX  75501
Ph:  (903) 831-7808 ext 697
 
-----Original Message-----
From: Bindesh Patel [mailto:Bindesh.Patel@xxxxxxxxxxx] 
Sent: Tuesday, November 09, 2004 5:58 AM
To: [ExchangeList]
Subject: [exchangelist] Connectivity through PIX firewall
 
http://www.MSExchange.org/
Hi all,
 
i am trying to implement a new exchnage environment and have some
questions regarding connection from outlook clients to exchnage 2000
cluster though a firewall.
we have opened up ports 25, 135, and 435 to the exchnage server from
clients but what seems to happen is that exchnage picks random ports
when connecting to the information store and directory services. We dont
want to open the firewall for hundreds of these port numbers( ie 5000,
5421 etc)  and was wondering of we could use something like IP Sec to
determine connectivity. Has anyone come across this issue? we have tried
to assign these staticaly but does not work with exchnage in a clustered
environment.
 
any help will be appreciated.
 
 
many thanks
 
Bindesh Patel.

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
mliddekee@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
fcruchaga@xxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
mliddekee@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 
**********************************************************************
This e-mail, and any attachments, has been checked by us for computer
viruses. Although none have been detected we cannot guarantee that it is
completely free from such problems and we do not accept any liability
for loss or damage that may be caused. We would therefore advise you to
carry out your own virus checks before opening any attachments. If you
do find a computer virus please inform us immediately by e- mailing
administrator@xxxxxxxxxxx so that we may take appropriate action. The
contents and attachments are intended solely for the addressee and are
confidential. If you are not the intended recipient, any
disclosure,copying, distribution or any action taken, or omitted to be
taken, in reliance on it, is prohibited and may be unlawful If you have
received this message in error, please notify the sender by e-mail
immediately, and delete the message from your computer without making
any copies.
********************************************************************** 

Other related posts:

• » Connectivity through PIX firewall
• » RE: Connectivity through PIX firewall
• » RE: Connectivity through PIX firewall
• » Re: Connectivity through PIX firewall
• » RE: Connectivity through PIX firewall
• » RE: Connectivity through PIX firewall
• » RE: Connectivity through PIX firewall

1. Home
2. exchangelist
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---