[ExchangeList] Re: Exchange Secure OWA and Active Sync - DMZ Architecture

  • From: Jaspreet Jolly <jsjolly@xxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Wed, 20 Jul 2011 10:43:08 +0530

Hi Ravi,

Long time no see... :)
To answer your question:
1) CAS in DMZ is not supported with Exchange 2007 and Exchange 2010.
2) NATting your public IP with the CAS server IP is a totally workable and supported solution in case you don’t have any reverse proxy like Forefront TMG 2010 to provide an additional layer of security for the Exchange server.
3) ISA 2006 is no longer available, as the latest version is called Forefront TMG 2010.

Also, since you are planning to go for NATting and your HT and CAS reside on the same box, just make sure that you open only ports 25 and 443 for incoming traffic and no other ports on the NAT device.
In case you need more clarification on this scenario or on why CAS is not supported in DMZ, please feel free to contact me.
Jaspreet Jolly (Microsoft)

On Wed, Jul 20, 2011 at 12:27 AM, Ravi Dogra <dogra.ravi@xxxxxxxxx> wrote:

I am looking to make OWA and Active Sync available in the most secure
way. Here is my current network architecture:

CCR mailbox cluster
HUB+CAS (installed on same node)

We have a single firewall and have two segregated networks (say
'production' and 'internet'). I intend to configure something like a
frontend server so that OWA and Active Sync services can be made

I am not sure what solution will be best considering the security aspect.

Please suggest.
