Solved

ISA Server, Exchange, DMZ-Intranet

Posted on 2002-03-25
4
7,124 Views
Last Modified: 2013-11-16
I have a ISA Configuration looking like this:
Internet - ISA1 - DMZ - ISA2 - Intranet

The DMZ and Intranet are using 192.168.x.xxx addresses.

On the intranet is a Exchange Server 2000 with the "integrated" IIS  web
mail functionality.

I want to read the web mail from internet and therfore trying to publish
the exchange webserver via ISA2 and publish the ISA2 via ISA1. Since
exchange web mail relies on hostname I need to push the hostname all the
way through both ISA servers.

However, doing this I get the following error message when i browse this
page from the internet:
403 Forbidden - The server denies the specified Uniform Resource Locator
(URL). Contact the server administrator. (12202)
Internet Security and Acceleration Server

Any tips or ideas?
0
Comment
Question by:campell
  • 2
4 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 100 total points
ID: 6897349
Yes, don't do this!  Instead go with a full VPN setup and let your users access the actual internal mail server, among other things.

Yes, this is more work.  But it's also more powerful and likely more secure.
0
 
LVL 4

Assisted Solution

by:anzen
anzen earned 100 total points
ID: 6954271

You're breaking a lot of security rules, don't do it, the only safe way I see is moving the exchange server to the DMZ where it could be published using the "outer" ISA; the intranet users will then access it through the "inner" ISA server; this way if someone breaks into your mail server he won't be able to compromise your intranet


0
 
LVL 4

Expert Comment

by:anzen
ID: 6954277

Another note: it would be better to have the DMZ on a completely different subnet; i.e. if the intranet is using a 192.168.x.y subnet you could use a 10.x.y.z for the DMZ, this way if someone "penetrates" the DMZ he won't have a glue about the internal network addressing scheme

0
 
LVL 5

Expert Comment

by:zenlion420
ID: 9709111
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts split between chris_calabrese and anzen.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question