RE: multiple domain extension
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 7 Jul 2004 07:33:57 -0500
Hi Joseph,
In the back to back DMZ, having all the machines running Win2003
provides you a lot of options. Front-end and back-end firewalls can be
ISA 2004 firewalls, with the back-end firewall being a domain member.
Your DMZ host can act an both an incoming and outgoing SMTP relay, and
you can use it for your unihomed RPC proxy for incoming RPC over HTTP
connections to the Exchange Server on the Internal network.
If you want to even have more fun, put a third NIC in the front end ISA
firewall and put the SMTP relay there. The third NIC would represent the
anonymous access segment where you put your public servers, and the
segment between the front end and back end ISA firewall represents the
authenticated DMZ, so no anonymous access there.
HTH,
Tom
-----Original Message-----
From: josephk [mailto:josephk@xxxxxxxxx]
Sent: Wednesday, July 07, 2004 6:53 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: multiple domain extension
http://www.ISAserver.org
Hi Thomas,
What is a good configuration? I've been switching over to windows 2003
on my machines.
I'm just not sure if I should change the EXT ISA box over to 2003 yet.
It is setup
With message screener forwarding out to dmz relay SMTP. I'll have
another Windows 2003 machine setup later for doing the SMTP relay so
that means for me EXT ISA(STILL W2K) >> DMZ - WEB/SMTP(windows 2003) -
DNS(still w2k) >> internal ISA (windows 2003) >> Exchange 2003(windows
2003) - AD (windows 2003).
When I get another copy of windows 2003, would it also be a good idea to
change the EXT ISA machine over to 2003?
What are some of the new benefits in a back to back with all primary
servers being of the windows 2003 family?
Because I would like to setup VPN and Mail so that clients can utilize
their own copy of outlook. Plus, I'm thinking Of adding share point 3.0.
And will add ISA 2004 when that is finally out.
Thank you,
Joseph
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 07, 2004 4:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: multiple domain extension
http://www.ISAserver.org
Hi Ryan,
The ISA firewall won't deny relay unless its configured as an SMTP
relay.
HTH,
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message-----
From: Ryan Sinclair [mailto:ryan@xxxxxxxxx]
Sent: Wednesday, July 07, 2004 6:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] multiple domain extension
Importance: Low
http://www.ISAserver.org
I've recently installed ISA server and published my exchange server
through it , problem is I have 2 domain extensions (domain.com and
domain.co.za) but the co.za mail does not get to the exchange server. I
recive a relaying denied error, .com works fine. I was running a Linux
firewall Before the change over and the .co.za domain worked.
Any help would be appreciated.
Ryan Sinclair
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Other related posts:
