RE: B2B DMZ - ISA and Exchange 2k

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 26 Mar 2003 19:29:51 -0600

Hi Gillian,
 
You can't put the Exchange Server in the DMZ because you can't extend
the internal network forest into the DMZ.
 
Both the FE and BE should go into the internal network. You can use a
LAT based DMZ if you want to segregate the FE from the BE. You'll have
to create the appropraite IPSec filters and/or RRAS packet filters.
 
HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

        -----Original Message-----
        From: Gillian Cook [mailto:gcook@xxxxxxx] 
        Sent: Wednesday, March 26, 2003 1:49 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] B2B DMZ - ISA and Exchange 2k
        
        
        http://www.ISAserver.org
        
        
        I'm curious how Exchange 2k and OWA are setup and secured in a
Back to Back DMZ with 2 ISA servers?
         
        Do you put the Exchange server (with OWA on the same server) in
the DMZ?  Or do you put OWA in the DMZ and Exchange2k server in the
private network?
         
        Is the standard practice to setup an Exchange Front End back end
setup?
         
        I bought and read your book Tom, which is excellent.  But I
didn't see this topic included in the DMZ section.
         
        Are there any published articles on this?
         
        Any thoughts?
         
        TIA,
         
        Gillian Cook
         
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Exchange Server Resource Site: http://www.msexchange.org/
        Windows Security Resource Site: http://www.windowsecurity.com/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts:

• » B2B DMZ - ISA and Exchange 2k
• » RE: B2B DMZ - ISA and Exchange 2k

1. Home
2. isalist
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---