RE: B2B DMZ - ISA and Exchange 2k (OWA)
- From: "Gillian Cook" <gcook@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 27 Mar 2003 10:39:42 -0500
Thanks for info Tom and confirmation.
Another follow-up.
But what about OWA on the Ex2k server (no FE BE involved)? Currently,
we've got OWA published in working order with a single ISA server.
What steps would need to be done (in a B2B DMZ setup) to access
(publish) the internal web site (OWA)? I'm still unclear about that.
I understand that web and server publishing rules are used for granting
access in and protocol rules are used for access out. I'm not sure how
this corresponds in the Back to Back DMZ config with OWA on the internal
network. How does the External ISA server know how to get to the
internal network to find the OWA server in the web publishing rule?
Am I missing something obvious?
TIA,
Gillian Cook
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, March 26, 2003 8:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: B2B DMZ - ISA and Exchange 2k
http://www.ISAserver.org
Hi Gillian,
You can't put the Exchange Server in the DMZ because you can't
extend the internal network forest into the DMZ.
Both the FE and BE should go into the internal network. You can
use a LAT based DMZ if you want to segregate the FE from the BE. You'll
have to create the appropraite IPSec filters and/or RRAS packet filters.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Gillian Cook [mailto:gcook@xxxxxxx]
Sent: Wednesday, March 26, 2003 1:49 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] B2B DMZ - ISA and Exchange 2k
http://www.ISAserver.org
I'm curious how Exchange 2k and OWA are setup and
secured in a Back to Back DMZ with 2 ISA servers?
Do you put the Exchange server (with OWA on the same
server) in the DMZ? Or do you put OWA in the DMZ and Exchange2k server
in the private network?
Is the standard practice to setup an Exchange Front End
back end setup?
I bought and read your book Tom, which is excellent.
But I didn't see this topic included in the DMZ section.
Are there any published articles on this?
Any thoughts?
TIA,
Gillian Cook
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: gcook@xxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
