?
Solved

ISA Server, Exchange, DMZ-Intranet

Posted on 2002-03-25
4
Medium Priority
?
7,153 Views
Last Modified: 2013-11-16
I have a ISA Configuration looking like this:
Internet - ISA1 - DMZ - ISA2 - Intranet

The DMZ and Intranet are using 192.168.x.xxx addresses.

On the intranet is a Exchange Server 2000 with the "integrated" IIS  web
mail functionality.

I want to read the web mail from internet and therfore trying to publish
the exchange webserver via ISA2 and publish the ISA2 via ISA1. Since
exchange web mail relies on hostname I need to push the hostname all the
way through both ISA servers.

However, doing this I get the following error message when i browse this
page from the internet:
403 Forbidden - The server denies the specified Uniform Resource Locator
(URL). Contact the server administrator. (12202)
Internet Security and Acceleration Server

Any tips or ideas?
0
Comment
Question by:campell
  • 2
4 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 400 total points
ID: 6897349
Yes, don't do this!  Instead go with a full VPN setup and let your users access the actual internal mail server, among other things.

Yes, this is more work.  But it's also more powerful and likely more secure.
0
 
LVL 4

Assisted Solution

by:anzen
anzen earned 400 total points
ID: 6954271

You're breaking a lot of security rules, don't do it, the only safe way I see is moving the exchange server to the DMZ where it could be published using the "outer" ISA; the intranet users will then access it through the "inner" ISA server; this way if someone breaks into your mail server he won't be able to compromise your intranet


0
 
LVL 4

Expert Comment

by:anzen
ID: 6954277

Another note: it would be better to have the DMZ on a completely different subnet; i.e. if the intranet is using a 192.168.x.y subnet you could use a 10.x.y.z for the DMZ, this way if someone "penetrates" the DMZ he won't have a glue about the internal network addressing scheme

0
 
LVL 5

Expert Comment

by:zenlion420
ID: 9709111
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts split between chris_calabrese and anzen.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Spectre and Meltdown, how it affects me and my clients?
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question