Deploying Exchange 2003

  • From: Alejandro Contreras <acontreras@xxxxxx>
  • To: "'exchangelist@xxxxxxxxxxxxx'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 30 Dec 2003 10:17:04 -0500

Hi Al,
I agree with what you've mentioned below. The only reason we added the
additional OWA zone was in order to allow our IDS people to monitor all traffic
between the appliance and OWA, and OWA and the Domain controllers inside. We
actually left all ports open between the OWA zone and the trusted network at
first, and then locked it tight so only the authentication and communication
ports were open.

Application Server                  To KDC     Return traffic
Initial ticket request              88/udp     xxxx/udp
Kerberos 5-to-4 ticket conversion   4444/udp   xxxx/udp
LDAP                                389/tcp    xxxx/tcp
Used a host file entry on OWA for DCs.          
I think I got all of them.
Cheers,
Alex.

