RE: MAPI trough ISA

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 25 Mar 2003 18:33:01 -0600

Hi Viktors,

If the clients are behind an ISA Server, they can install Feature Pack 1
and enable the RPC protocol outbound. Very simple and very effective. As
for Checkpoint and PIX, they'll either need to upgrade their firewall
admins or upgrade their firewalls to ISA Server ;-)

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: VJudins@xxxxxxx [mailto:VJudins@xxxxxxx] 
Sent: Tuesday, March 25, 2003 4:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] MAPI trough ISA


http://www.ISAserver.org


Hi folks.

I have one interesting problem. I administer hosted Exchange 2000
Enterprise server which sit behind firewall. Clients come from different
networks. Clients use Exchange with MS Outlook 2000 or MS Outlook XP as
"Microsoft Exchange server". At this case MAPI is in use, but MAPI works
with RPC that uses dynamic ports. Firewall is CheckPoint FW-1. In
exchange
server i restrict port range (i allow 4 ports to be assigned for client
connections - MS KB article 270836) used by RPC and in FW i create rules
that allow access from clients to exchange on port 135 (RPC port mapper)
and allowed 4 ports. It's work fine (approx 2 years). In this situation
no
problem open same ports on client firewall. But at this moment i need
change my firewall to ISA server...

ISA server have great application filter called "Exchange RPC Server".
It
work fine, but only if client not have own firewall. If client have own
firewall that is ISA - problem can be resolved (this solution described
in
many articles in Microsoft, ISAserver.org and other sites). But problem
begin if client have any other firewall (CheckPoint, iptables or
others...)
and access from client to internet is restricted by ports. Client
firewall
administrators refuse dynamic port opening by security reasons. I can't
find solution for restricting port allocations in ISA server "Exchange
RPC
Server" filter.

Best regards,
Viktors Judins
=========================================
Digital Economy Advancement Center
http://www.deac.lv
=========================================



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » MAPI trough ISA
• » RE: MAPI trough ISA
• » RE: MAPI trough ISA
• » RE: MAPI trough ISA

1. Home
2. isalist
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---