RE: [isalist]exchange rpc filter

  • From: "Ara" <ara@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 17 Mar 2005 19:41:38 -0800

Dear Tom or anyone else who can help me on this,

May I ask for help on the minimal ports and protocols required to allow
Outlook access for VPN clients? They are getting an IP from DHCP inside the
network, something like 192.168.0.*.

There are 2 DNS servers, which are also domain controllers, inside and one
Exchange 2003 server. I haven't set up RPC as it looks to be impossible for
domain.local scenarios.

 

Any help is appreciated so I can get this project done.

I have set up DNS allow rules from VPN to servers, and the Exchange RPC
filter is also published to the VPN client, but I still can't create profiles.

Thank you

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Sunday, March 13, 2005 5:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: exchange rpc filter

 

Hi Ara,

 

1. Yes, it's correct in the context of the scenario used in the document.
The Exchange Server is on a DC and the DNS is on the DC and the DNS is
configured to resolve both internal and external host names.

2. Yes, there should be a DNS allow rule that allows members of the VPN
clients network access to the DNS server they need to resolve internal
and external names.

 

3. There is no need for TCP 445 from the VPN clients network to the
Exchange Server if all they need is secure Exchange RPC via a Server
Publishing Rule. It sounds like you're reading the doc that shows how to
control Exchange RPC access in a site to site VPN scenario and use
user/group based auth, which is sort of tricky :)

 

4. If this is a site to site VPN configuration, and you want to allow
all users at the branch office to the Exchange Server using Secure
Exchange RPC (or even if this is a remote access VPN connection and you
want to allow all users), then just create the Server Publishing Rule
and don't mess with the fancy stuff.

 

5. Remind me of your design goal and I'll send you the doc that applies
to your config. Unfortunately, they required that all the docs be put in
one humongous doc, which is not what I wanted and it was not designed to
be presented that way. I have all the separate docs here, so I can send
you the one that applies to your design goals.

 

HTH,

 

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

 

________________________________

From: Ara [mailto:ara@xxxxxxxxxxxxx] 
Sent: Saturday, March 12, 2005 5:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] exchange rpc filter

Tom,

 

I have followed your VPN deployment kit for giving VPN users a full
Outlook experience. Reading the instructions, there is some confusion I am
facing:

* On page 137, you have a screenshot of the rules order and
basically any required protocol to do this, but you are pointing the DNS
to the Exchange server itself. Is that the case when Exchange is on the same
domain controller?

* Would you clear me on the simple requirements that

1. There should be a DNS allow rule from VPN clients to DNS servers
inside (domain controllers in most cases like mine)

2. There should be a rule created for TCP 445 from VPN to
Exchange itself? Is this correct?

3. There should be an Exchange RPC filter rule from VPN to Exchange
itself?

 

I followed those instructions but I am unable to create profiles from
Outlook and get the message that the mail server is unavailable. Then I
tracked in the log file and found there are some requests for NetBIOS 137.
So I created an allow rule for it and it worked, but I believe that is not
the right way of doing it.

Would you be so kind as to give me a simple list of required protocols and
directions for Outlook to work on VPN?

 

Help is much appreciated
