RE: External clients & firewall not in a domain

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sat, 6 Sep 2003 11:47:04 -0500

Hey guys,
You do NOT need to use VPN to have full Outlook MAPI client access to
Exchange. ISA Sever firewalls allow you to do secure Exchange RPC
publishing, which is about 10,000 times more secure than VPN access. 
VPN access allows the client to access all resources on the internal
network, which is an invitation to allowing worms in. I've seen a number
of networks that were infected by VPN clients. I have seen no networks
infected because of secure ISA firewall RPC publishing. None. Why?
Because ISA firewalls protect you from RPC exploits. 
The pix firewall let them through and do not protect you. All the
infected networks I've seen have been "protected" by pix.
ISA VPNs work great, BTW, and are a lot easier to configure and manage
than the dreaded pix. Check out:
If you want to publish Exchange services securely, check out:
I'll update the list of article links later today.
Thomas W Shinder <>  
ISA Server and Beyond:
Configuring ISA Server:


        -----Original Message-----
        From: Ron Harris [mailto:rharris@xxxxxxxxxxxxxxxx] 
        Sent: Friday, September 05, 2003 3:37 PM
        To: [ExchangeList]
        Subject: [exchangelist] RE: External clients & firewall not in a

        Has anyone been using a Cisco VPN Concentrator with the Software
Client to VPN into the internal network?  I believe some ISPs are still
blocking TCP port 135.  


        Should an IPSec tunnel help with Exchange access when these
ports are blocked?



Other related posts: