That's probably because of all hoops we had to jump through for an FE-BE
Ex2000 config-- your brain gets "used" to thinking that way...
Not only did you have to have a separate FE in Ex2000, but you also had to
make sure you secured the FE-to-BE authentication traffic, as it was
required to be basic authentication over HTTP. While the User-to-FE
connection could certainly be HTTPS with your choice of authentication
mechanisms, the FE-to-BE call *had* to be basic auth over HTTP. I always
had to do an IPSec policy from the FE to all BE's in order to secure that
traffic.
At least in Ex2003 the FE-to-BE authentication can be set to NTLM (v1, v2
based on config) to obviate the trivial capture of basic auth. Of course,
the mail traffic passed between the boxes is still HTTP and viewable in net
captures. (I still use IPSec to secure the traffic between the two boxes,
actually)
There... That should make you feel better about your eyes ;) t
http://www.ISAserver.org
Hi Tim,
That's great!
But you know, I think I need new glasses, because I've setup front-end/back-end Exch2003 boxes and even homed mailboxes on both devices. Its amazing how I get locked into a certain world-view in spite of what I've seen before my own eyes :)
Thanks!
Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Thursday, August 04, 2005 9:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA2004, two backend Exch 2003 server without a frontend.
http://www.ISAserver.org
Indeed. You are no longer bound to having a non-mailbox-hosting server in Ex2003 in order to make it a FE server as you were in Ex2000.
t
----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 04, 2005 7:05 AM
Subject: [isalist] RE: ISA2004, two backend Exch 2003 server
without a
frontend.
http://www.ISAserver.org
Hey Tim,
Does that mean the FE in Exch2003 can host mailboxes?
Thanks!
Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Thursday, August 04, 2005 9:02 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA2004, two backend Exch 2003 server
> without a frontend.
>
> http://www.ISAserver.org
>
> FYI- In Ex2003, you don't have install a separate FE server
> as you did in
> Ex2000... You can just set one of the existing ones as a FE
> server in the
> server properties.
>
> t
>
> ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, August 03, 2005 9:52 PM
> Subject: [isalist] RE: ISA2004, two backend Exch 2003 server
> without a
> frontend.
>
>
> http://www.ISAserver.org
>
> Hi Eric,
>
> That's right. You'll need to bind a second address to the external
> interface.
>
> HTH,
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: Eric [mailto:Eric.Beza@xxxxxxxxxxxxxxxx]
> > Sent: Wednesday, August 03, 2005 11:46 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA2004, two backend Exch 2003 server
> > without a frontend.
> >
> > http://www.ISAserver.org
> >
> > It is telling me that the original listener is using a
> > siminlar address
> > and port and can not overlap.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
