RE: Connectivity through PIX firewall

  • From: "Mike Liddekee" <mliddekee@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 9 Nov 2004 08:41:04 -0600

Why oh why would you want to open up such insecurity to your Exchange
box?  As someone previously mentioned, if you must, you should consider
something like ISA server or move to Exchange 2003 for RPC over HTTPS.
We don't have either of these in place but what we do is utilize a VPN
to put outside travelers on the inside network for Outlook access.
Since you're running a PIX (you don't say what model) you can use VPN
straight to it.  You will loose some functionality by doing so (browsing
web while connected).  We used this option for about two months and
ended up putting a VPN concentrator in place.  Good functionality for
outside users besides just outlook access.




Mike Liddekee

Network Engineer


Humco Holding Group, Inc.

7400 Alumax Dr. 

Texarkana, TX  75501

Ph:  (903) 831-7808 ext 697


-----Original Message-----
From: Bindesh Patel [mailto:Bindesh.Patel@xxxxxxxxxxx] 
Sent: Tuesday, November 09, 2004 5:58 AM
To: [ExchangeList]
Subject: [exchangelist] Connectivity through PIX firewall

Hi all,


i am trying to implement a new exchnage environment and have some
questions regarding connection from outlook clients to exchnage 2000
cluster though a firewall.

we have opened up ports 25, 135, and 435 to the exchnage server from
clients but what seems to happen is that exchnage picks random ports
when connecting to the information store and directory services. We dont
want to open the firewall for hundreds of these port numbers( ie 5000,
5421 etc)  and was wondering of we could use something like IP Sec to
determine connectivity. Has anyone come across this issue? we have tried
to assign these staticaly but does not work with exchnage in a clustered


any help will be appreciated.



many thanks


Bindesh Patel.

This email has been scanned by the MessageLabs Email Security System.
For more information please visit 
List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking:
Leading Network Software Directory:
No.1 ISA Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx 

This e-mail, and any attachments, has been checked by us for computer
viruses. Although none have been detected we cannot guarantee that it is
completely free from such problems and we do not accept any liability
for loss or damage that may be caused. We would therefore advise you to
carry out your own virus checks before opening any attachments. If you
do find a computer virus please inform us immediately by e- mailing
administrator@xxxxxxxxxxx so that we may take appropriate action. The
contents and attachments are intended solely for the addressee and are
confidential. If you are not the intended recipient, any
disclosure,copying, distribution or any action taken, or omitted to be
taken, in reliance on it, is prohibited and may be unlawful If you have
received this message in error, please notify the sender by e-mail
immediately, and delete the message from your computer without making
any copies.

Other related posts: