RE: External clients & firewall not in a domain

  • From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 5 Sep 2003 14:46:00 +0100

 
If you do have isa, get it to sp1/fp1 level and you can then safely and 
securely publish your exchange server to the outside world for outlook access.
 
good place to start is www.isaserver.org.
 
HTH
 
Steve




--------------------------------------------------------------------------------
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, September 05, 2003 10:18 AM
To: [ExchangeList]


http://www.MSExchange.org/

Ahhh...the open port buttons strike again.
 
 
:))




--------------------------------------------------------------------------------
From: Mike Liddekee [mailto:mliddekee@xxxxxxxxx] 
Sent: Friday, September 05, 2003 10:03 AM
To: [ExchangeList]


http://www.MSExchange.org/

The only way for outlook to log in from the outside (even though you already 
have the ip open) is to have several ports open at that address.  However 
opening those ports blindly to the internet == BAD.  Repeat after me... "I will 
not open up my network to hackers"

 

Since you're using Exch2K, You would have really two options:  1) VPN and 2) 
OWA.  Of course I guess you could do dial-up RAS but does anybody actually 
still use that stuff?  J

 

We use a combination of VPN & OWA here at our facility and have a number of 
users who travel frequently with laptops.  Do you have any type of firewall in 
place besides the ISA server?

 

 

Regards,

Mike Liddekee

Network Engineer

 

Humco Holding Group, Inc.

7400 Alumax Dr. 

Texarkana, TX  75501

Ph:  (903) 831-7808 ext 697

 

-----Original Message-----
From: Varga Pavol [mailto:pavol.varga@xxxxxxxxxxx] 
Sent: Friday, September 05, 2003 1:11 AM
To: [ExchangeList]
Subject: [exchangelist] RE: External clients & firewall not in a domain

 

http://www.MSExchange.org/

    Hello Tom,

    we use M$Outlook 2000, and we want access ours mailboxes for e-mailing.

    Regards!

    Pavol.

 

    

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, September 04, 2003 9:44 PM
To: [ExchangeList]
Subject: [exchangelist] RE: External clients & firewall not in a domain

http://www.MSExchange.org/

Hi Varga,

 

What services do you want to access from the external Outlook client? What 
version of Outlook are you using?

 

Thanks!

Tom

 

 

Thomas W Shinder

www.isaserver.org/shinder 

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server: http://tinyurl.com/1llp

 

-----Original Message-----
From: Varga Pavol [mailto:pavol.varga@xxxxxxxxxxx] 
Sent: Thursday, September 04, 2003 2:29 PM
To: [ExchangeList]
Subject: [exchangelist] External clients & firewall not in a domain

http://www.MSExchange.org/



        
        Hi all, 
        please, how to configure firewall (which is not in domain) and Exchange 
2k Server (with internal IP) to allow external client access to their mailboxes?

        
        I have already set: 
        Exchange 2k Server 
        - Active Directory\Users\Properties\Dial-in\Remote Access Permission 
(Dial-in or VPN)\Allow access & No Callback

        ISA Server (firewall & proxy server, not in a domain) 
        - Access Policy: 
                Mail wizard rule SMTP, SMTPs 
                outgoing smtp, pop3, imap4 
                ssh, imcp, dns 
                + IP Packet filters VPN (PPTP, L2TP), DHCP, DNS, ICMP 

        I was trying also to configure Outlook account with external IP of 
firewall = Outlook could not logon. 
        Is VPN configuring both client and servers only way to resolve it? And 
how? 

        Thank for any advice. 


________________________________

From: Varga Pavol [mailto:pavol.varga@xxxxxxxxxxx] 
Sent: Friday, September 05, 2003 10:41 AM
To: [ExchangeList]


http://www.MSExchange.org/

No, we haven´t.
 
>Do you have any type of firewall in place besides the ISA server?
 
Regards!

        -----Original Message-----
        From: Mike Liddekee [mailto:mliddekee@xxxxxxxxx] 
        Sent: Friday, September 05, 2003 3:03 PM
        To: [ExchangeList]
        Subject: [exchangelist] RE: External clients & firewall not in a
domain
        
        
        http://www.MSExchange.org/
        

        The only way for outlook to log in from the outside (even though
you already have the ip open) is to have several ports open at that
address.  However opening those ports blindly to the internet == BAD.
Repeat after me... "I will not open up my network to hackers"

         

        Since you're using Exch2K, You would have really two options:
1) VPN and 2) OWA.  Of course I guess you could do dial-up RAS but does
anybody actually still use that stuff?  J

         

        We use a combination of VPN & OWA here at our facility and have
a number of users who travel frequently with laptops.  Do you have any
type of firewall in place besides the ISA server?

         

         

        Regards,

        Mike Liddekee

        Network Engineer

         

        Humco Holding Group, Inc.

        7400 Alumax Dr. 

        Texarkana, TX  75501

        Ph:  (903) 831-7808 ext 697

         

        -----Original Message-----
        From: Varga Pavol [mailto:pavol.varga@xxxxxxxxxxx] 
        Sent: Friday, September 05, 2003 1:11 AM
        To: [ExchangeList]
        Subject: [exchangelist] RE: External clients & firewall not in a
domain

         

        http://www.MSExchange.org/

            Hello Tom,

            we use M$Outlook 2000, and we want access ours mailboxes for
e-mailing.

            Regards!

            Pavol.

         

            

                -----Original Message-----
                From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
                Sent: Thursday, September 04, 2003 9:44 PM
                To: [ExchangeList]
                Subject: [exchangelist] RE: External clients & firewall
not in a domain

                http://www.MSExchange.org/

                Hi Varga,

                 

                What services do you want to access from the external
Outlook client? What version of Outlook are you using?

                 

                Thanks!

                Tom

                 

                 

                Thomas W Shinder

                www.isaserver.org/shinder
<http://www.isaserver.org/shinder>  

                ISA Server and Beyond: http://tinyurl.com/1jq1

                Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp> 

                 

                        -----Original Message-----
                        From: Varga Pavol
[mailto:pavol.varga@xxxxxxxxxxx] 
                        Sent: Thursday, September 04, 2003 2:29 PM
                        To: [ExchangeList]
                        Subject: [exchangelist] External clients &
firewall not in a domain

                        http://www.MSExchange.org/
                        
                        

                                
                                Hi all, 
                                please, how to configure firewall (which
is not in domain) and Exchange 2k Server (with internal IP) to allow
external client access to their mailboxes?

                                
                                I have already set: 
                                Exchange 2k Server 
                                - Active
Directory\Users\Properties\Dial-in\Remote Access Permission (Dial-in or
VPN)\Allow access & No Callback

                                ISA Server (firewall & proxy server, not
in a domain) 
                                - Access Policy: 
                                        Mail wizard rule SMTP, SMTPs 
                                        outgoing smtp, pop3, imap4 
                                        ssh, imcp, dns 
                                        + IP Packet filters VPN (PPTP,
L2TP), DHCP, DNS, ICMP 

                                I was trying also to configure Outlook
account with external IP of firewall = Outlook could not logon. 
                                Is VPN configuring both client and
servers only way to resolve it? And how? 

                                Thank for any advice. 

                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
                Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp
                Exchange FAQ:
http://www.msexchange.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Other Internet Software Marketing Sites:
                Leading Network Software Directory:
http://www.serverfiles.com
                No.1 ISA Server Resource Site: http://www.isaserver.org
                Windows Security Resource Site:
http://www.windowsecurity.com/
                Network Security Library: http://www.secinf.net/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this MSExchange.org
Discussion List as: pavol.varga@xxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub') 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
        Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp
        Exchange FAQ:
http://www.msexchange.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 ISA Server Resource Site: http://www.isaserver.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this MSExchange.org Discussion
List as: mliddekee@xxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
        Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp
        Exchange FAQ:
http://www.msexchange.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 ISA Server Resource Site: http://www.isaserver.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this MSExchange.org Discussion
List as: pavol.varga@xxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 


This E-Mail is confidential. It is not intended to be read, copied, disclosed 
or used by any person other than the recipient named above. 


Unauthorised use, disclosure, or copying is strictly prohibited and may be 
unlawful. Optimum IT Solutions disclaims any liability for any action taken in 
connection of this E-Mail. The comments or statements expressed in this E-Mail 
are not necessarily those of Optimum IT Solutions or its subsidiaries or 
affiliates.

administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx 




Other related posts: