Hi Stephena- I have this exact setup... The DMZ is what you want to make attackers get through in order to GET to Active Directory... Not only is EX2k a nice price to get from a DMZ breech, the ports you would have to open up (assuming it contains mailboxes) to allow client access from the LAN would be far too dangerous. I highly recommend a DMZ SMTP-Gateway that will accept SMTP from the external ISA box, scan for viruses and strip attachments, that then smart-hosts the mail to the perimeter ISA that publishes to the internal EX2k box. Something like this- Net -> Ext ISABox -> SMTP Server Publishing to DMZ SMTP Gateway -> DMZ SMTP Gateway Actions -> Smart Host delivery acto perimeter ISA IP Address -> Server Published to Internal EX2k. With SMTP filtering on the ISA boxes. My .02 anyway... T ----- Original Message ----- From: "Stephen Herrera" <sherrera@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, September 24, 2003 12:37 PM Subject: [isalist] OT Slightly: Exchange 2000 > http://www.ISAserver.org > > > I am preparing to deploy and Exchange 2000 server. I have a back to back ISA > server environment. I am doing some test installs of Exchange before I put > the production server in place. I am curious as to where is the preferred > place to put the server, in the DMZ or on the LAN. I was thinking the DMZ > until I saw that you can see all of your Active Directory through exchange. > Any input is appreciated. > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') >