RE: Connectivity through PIX firewall

  • From: Lee Swanson <swanson@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 09 Nov 2004 21:50:03 -0600

If you set up a VPN cliet and set the PIX to use a split-tunnel, you can have the best of both worlds.

Regards,

Lee Swanson

Mike Liddekee wrote:

http://www.MSExchange.org/
if you do the vpn to the pix, your outside user won't be able to surf the web from their remote connection. this causes issues with user's trying to click hyperlinks in emails. any internal stuff should still work fine though. it's a "feature" of the pix that it won't allow traffic to go out the same interface it comes in on.
------------------------------------------------------------------------
*From:* Fernando Cruchaga [mailto:FCruchaga@xxxxxxx]
*Sent:* Tuesday, November 09, 2004 2:20 PM
*To:* [ExchangeList]
*Subject:* [exchangelist] RE: Connectivity through PIX firewall


http://www.MSExchange.org/

If you setup the VPN Correctly you won’t loose any functionality

**Fernando Cruchaga**

QEP

Corporate Network Manager

1081 Holland Drive

Boca Raton, FL 33487

561-994-5550

------------------------------------------------------------------------

*From:* Mike Liddekee [mailto:mliddekee@xxxxxxxxx]
*Sent:* Tuesday, November 09, 2004 9:41 AM
*To:* [ExchangeList]
*Subject:* [exchangelist] RE: Connectivity through PIX firewall

http://www.MSExchange.org/

Why oh why would you want to open up such insecurity to your Exchange box? As someone previously mentioned, if you must, you should consider something like ISA server or move to Exchange 2003 for RPC over HTTPS. We don’t have either of these in place but what we do is utilize a VPN to put outside travelers on the inside network for Outlook access. Since you’re running a PIX (you don’t say what model) you can use VPN straight to it. You will loose some functionality by doing so (browsing web while connected). We used this option for about two months and ended up putting a VPN concentrator in place. Good functionality for outside users besides just outlook access.

Regards,

Mike Liddekee

Network Engineer

Humco Holding Group, Inc.

7400 Alumax Dr.

Texarkana, TX 75501

Ph: (903) 831-7808 ext 697

-----Original Message-----
*From:* Bindesh Patel [mailto:Bindesh.Patel@xxxxxxxxxxx]
*Sent:* Tuesday, November 09, 2004 5:58 AM
*To:* [ExchangeList]
*Subject:* [exchangelist] Connectivity through PIX firewall

http://www.MSExchange.org/

Hi all,

i am trying to implement a new exchnage environment and have some questions regarding connection from outlook clients to exchnage 2000 cluster though a firewall.

we have opened up ports 25, 135, and 435 to the exchnage server from clients but what seems to happen is that exchnage picks random ports when connecting to the information store and directory services. We dont want to open the firewall for hundreds of these port numbers( ie 5000, 5421 etc) and was wondering of we could use something like IP Sec to determine connectivity. Has anyone come across this issue? we have tried to assign these staticaly but does not work with exchnage in a clustered environment.

any help will be appreciated.

many thanks

Bindesh Patel.


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as: mliddekee@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as: fcruchaga@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as: mliddekee@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


********************************************************************** This e-mail, and any attachments, has been checked by us for computer viruses. Although none have been detected we cannot guarantee that it is completely free from such problems and we do not accept any liability for loss or damage that may be caused. We would therefore advise you to carry out your own virus checks before opening any attachments. If you do find a computer virus please inform us immediately by e- mailing administrator@xxxxxxxxxxx so that we may take appropriate action. The contents and attachments are intended solely for the addressee and are confidential. If you are not the intended recipient, any disclosure,copying, distribution or any action taken, or omitted to be taken, in reliance on it, is prohibited and may be unlawful If you have received this message in error, please notify the sender by e-mail immediately, and delete the message from your computer without making any copies. **********************************************************************

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as: swanson@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx




Other related posts: