RE: B2B DMZ - ISA and Exchange 2k (OWA)

• From: "Gillian Cook" <gcook@xxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 27 Mar 2003 10:39:42 -0500

http://www.ISAserver.org


Thanks for info Tom and confirmation.
 
Another follow-up.   
 
But what about OWA on the Ex2k server (no FE BE involved)?  Currently,
we've got OWA published in working order with a single ISA server.
 
What steps would need to be done (in a B2B DMZ setup) to access
(publish) the internal web site (OWA)?   I'm still unclear about that.
I understand that web and server publishing rules are used for granting
access in and protocol rules are used for access out.  I'm not sure how
this corresponds in the Back to Back DMZ config with OWA on the internal
network.  How does the External ISA server know how to get to the
internal network to find the OWA server in the web publishing rule?
 
Am I missing something obvious?
 
TIA,
Gillian Cook

        -----Original Message-----
        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: Wednesday, March 26, 2003 8:30 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: B2B DMZ - ISA and Exchange 2k
        
        
        http://www.ISAserver.org
        
        
        Hi Gillian,
         
        You can't put the Exchange Server in the DMZ because you can't
extend the internal network forest into the DMZ.
         
        Both the FE and BE should go into the internal network. You can
use a LAT based DMZ if you want to segregate the FE from the BE. You'll
have to create the appropraite IPSec filters and/or RRAS packet filters.
         
        HTH,
        Tom

        Thomas W Shinder 
        www.isaserver.org/shinder 
        ISA Server and Beyond: http://tinyurl.com/1jq1 
        Configuring ISA Server: http://tinyurl.com/1llp 

                -----Original Message-----
                From: Gillian Cook [mailto:gcook@xxxxxxx] 
                Sent: Wednesday, March 26, 2003 1:49 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] B2B DMZ - ISA and Exchange 2k
                
                
                http://www.ISAserver.org
                
                
                I'm curious how Exchange 2k and OWA are setup and
secured in a Back to Back DMZ with 2 ISA servers?
                 
                Do you put the Exchange server (with OWA on the same
server) in the DMZ?  Or do you put OWA in the DMZ and Exchange2k server
in the private network?
                 
                Is the standard practice to setup an Exchange Front End
back end setup?
                 
                I bought and read your book Tom, which is excellent.
But I didn't see this topic included in the DMZ section.
                 
                Are there any published articles on this?
                 
                Any thoughts?
                 
                TIA,
                 
                Gillian Cook
                 
                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Exchange Server Resource Site:
http://www.msexchange.org/
                Windows Security Resource Site:
http://www.windowsecurity.com/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub') 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Exchange Server Resource Site: http://www.msexchange.org/
        Windows Security Resource Site: http://www.windowsecurity.com/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: gcook@xxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
NVuba@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

• » RE: B2B DMZ - ISA and Exchange 2k (OWA)
• » RE: B2B DMZ - ISA and Exchange 2k (OWA)
• » RE: B2B DMZ - ISA and Exchange 2k (OWA)
• » RE: B2B DMZ - ISA and Exchange 2k (OWA)
• » RE: B2B DMZ - ISA and Exchange 2k (OWA)

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription