RE: Back to Back RPC for exchange and SMTP Relay

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 2 Sep 2004 06:44:08 -0500

Hi Joseph,

Is the Exchange Server in the DMZ? I don't see why outbound access to
the RPC port mapping would be required otherwise. Is the Exchange domain
located in the DMZ? If not, things will get very sticky. I'd put the
Exchange Server behind the back-end ISA firewall and allow secure
Exchange RPC inbound past both ISA firewalls.

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx] 
Sent: Thursday, September 02, 2004 3:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Back to Back RPC for exchange and SMTP Relay


http://www.ISAserver.org

Hi there,

Been working on mail systems since I seem to be attacked by unknown's.

Decided to setup Exchange RPC. I also have an SMTP relay.

Have the rules for:
135 TCP Outbound
1025 - 65534 TCP Outbound 
On both my ISA boxes in the back to back.

Also, external ISA is forwarding to a mail relay in the DMZ
That talks with the back end exchange box.

Sometimes I see rpc rules listed in log but, nothing is returned.
It is not consistent so I can't really tell what is going on.

Yup still running ISA 2000.  What conflicts can
Anyone see in this type of setup?

Thank you,

Joseph

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


Other related posts: