RE: FW: WinXP SP1, Outlook 2000, and ISA

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 25 Feb 2003 17:39:02 -0600

Hi Edward,

I like your methods, as they're the same as mine :-) The Exchange Server
never gets direct inbound connections, and never makes direct outbound
connections. SMTP relay is used for inbound and outbound messages and
DNS is done by an internal DNS server.

Of course, this is harder to do with POP3, etc -- but FE/BE can deal
with this problem too ;-)

Thanks!
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Edward Sullivan [mailto:esullivan@xxxxxxx] 
Sent: Tuesday, February 25, 2003 8:11 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA


http://www.ISAserver.org


Indeed. Not having it behind the ISA server creates a huge security
hole.

We use a IIS smtp screener which forwards all email to the smart host,
the exchange server. The screener runs GFI mailessentials and
mailsecurity. The exchange server runs a seperate AV product, so 4
antivirus engines check all incoming messages and no direct connections
ever touch the Exchange server. The screener and the Exchange server
both sit behind our firewall, the screener is in the DMZ of course.

I can be dense at times, which is why I spell things out for others. I
often miss the hint.....
 

-----Original Message-----
From: Friese, Casey <cfriese@xxxxxxxxxxxxx>
To: [ISAserver.org Discussion List] <isalist@xxxxxxxxxxxxx>
Sent: Tue Feb 25 07:57:31 2003
Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA

http://www.ISAserver.org


That's what I'm hinting to him as well Ed...




-----Original Message-----
From: Edward Sullivan [mailto:esullivan@xxxxxxx]
Sent: Tuesday, February 25, 2003 8:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA


http://www.ISAserver.org


I would strongly recommend you move your exchange server inside to your
10.x network, then use smtp and owa publishing for external connections.
This makes your network more secure, and will more than likely solve
your connectivity issues. Exchange 2000 uses AD heavily, and seperating
it from your main network will complicate things. (assuming you have
exchange 2000)

-----Original Message-----
From: Friese, Casey <cfriese@xxxxxxxxxxxxx>
To: [ISAserver.org Discussion List] <isalist@xxxxxxxxxxxxx>
Sent: Tue Feb 25 07:41:06 2003
Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA

http://www.ISAserver.org


Is there no local network between the ISA and the Exchange Server?
Example..using your numbers, here's how my design is:
All my XP SP1 Clients work fine.

Intranet (10.0.x.x)
   |
ISA Server (10.0.x.x) South
           (10.112.x.x)Local DMZ ------ Exchange Server (10.112.x.x)
             (66.43.x.x) North
   |
Cisco Router (66.43.x.x)
   |
Internet

-----Original Message-----
From: rbell@xxxxxxxxxx [mailto:rbell@xxxxxxxxxx]
Sent: Tuesday, February 25, 2003 8:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA


http://www.ISAserver.org


okay here goes... working from a LAT setup.
I have an internal network and W2K server that is the DHCP/DNS for
internal net. All clients are running the ISA firewall client. Out in
the DMZ are the web servers and the Exchange server. 

Intranet (10.0.x.x) DC runs DHCP and DNS servers
        |
ISA server      (10.0.x.x) south
                (66.43.x.x) north

        |
Exchange server (66.43.x.x) also DNS server
        |
Cisco router (66.43.x.x)
        |
Internet

On all the other (non-SP1) outlook setups (outlook 2000) I create an
exchange account in Outlook and connect without problem. On the SP1
units or units that have had SP1 installed I am denied access. On the
systems that I can remove SP1 from all works great as soon as it is off
the system. FTP is also denied on these systems, but like exchange some
back after SP1 is removed. the real trouble is the units that have SP1
integrated into the WinXP OS installation CD.


Rich



-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Sunday, February 23, 2003 12:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: WinXP SP1, Outlook 2000, and ISA


http://www.ISAserver.org


Hi Richard,

You say the Exchange Server is in a DMZ. What kind of DMZ? Are the
clients trying to connection from a LAT or non-LAT network?

Thanks!
Tom


Thomas W Shinder 
www.isaserver.org/shinder 
-----Original Message-----
From: rbell@xxxxxxxxxx [mailto:rbell@xxxxxxxxxx] 
Sent: Friday, February 21, 2003 9:53 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: WinXP SP1, Outlook 2000, and ISA


http://www.ISAserver.org


I have several W2K, and WinXP stations running Outlook with a live
connection to an Exchange server in the DMZ.  All was fine until I
installed WinXP SP1.  After installation of SP1 I can not longer connect
to the exchange server or even use FTP.  I can however surf the web.  I
am running the ISA firewall client on all stations.  This appears to be
a WinXP SP1 issue as on the stations that I can remove SP1 from the
connections return. However I have new stations that have WinXP with SP1
integrated.  Is there a setting that after SP1 needs to be changed in
the ISA server that I didn't need before SP1?



Richard Bell 
MIS Director 
Microfilm Services, Inc. 
www.msifla.net 
rbell@xxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rbell@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cfriese@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
esullivan@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cfriese@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
esullivan@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA
• » RE: FW: WinXP SP1, Outlook 2000, and ISA

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---