dosti_p
Exchange 2000 Server in DMZ
I have an Exchange 2000 server with LDAP authentication against Windows ADS, and it is kept in the DMZ of an appliance-based firewall (SonicWall with 3 ports, LAN, WAN & DMZ, in NAT mode).
When the Exchange server was in the LAN, it was possible for WAN users to authenticate to the Windows server when they tried to access the Exchange server from outside.
1) Now that the Exchange server is in the DMZ, it's not possible to do authentication.
2) How can the administrator manage the Exchange server from the LAN?
What is the procedure to follow for authentication and management to happen?
Which ports need to be opened, and for which services?
Regards
Prasad
prasad_patkar@pcsil.com
Is there
I agree with lrmoore.
I also agree with lrmoore.
The front-end / back-end Exchange server outlined in the MS KB is a very expensive proposition when you consider the horsepower of the server to run it on, and the cost of an additional Exchange Server license. Just looking at the list of ports that need to be opened scares the heck out of me.
Something like an ESafe appliance in the DMZ is a much more secure, much less expensive solution:
http://www.esafe.com/esafe/appliance.asp?cf=tl
Hi Prasad,
I am currently a SonicWall reseller and am very familiar with all SonicWall products. What you are attempting to do is common. It is also, in my opinion, risky. I would recommend leaving the Exchange server inside your local LAN and putting an inexpensive mail server on your DMZ, such as IMail by Ipswitch or something of the like. That way, if your mail server is compromised, your more confidential data, such as calendars, tasks, master contact lists, etc., isn't. This is a very simple and cheap solution to implement. If you would be interested or could use some help, drop me a line at coakley@cornerstonemail.com. If you are set on the way you have it now, keep in mind that with the SonicWall, the DMZ is totally cut off from coming back into the LAN, and I have seen many issues with Windows Kerberos. I would recommend putting VNC on your Exchange server and just VNCing into it from your LAN-side server. Hope this helps.
Casey
I think that we have a consensus that I should get the points..
Such as Kerberos, LDAP, etc.
Take a look here for all you need:
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp
Or you can use Outlook Web Access.
For managing the Exchange server from the LAN you can use Remote Desktop Connection. It uses TCP port 3389.
Regards