Requirements for configuring an Exchange server which is connected to the Internet for a different domain

Posted on 2003-03-12
Last Modified: 2010-03-19
Hi,

There are two different domains, one for Internet users and the other for data users; they are physically separate from each other. The domain for Internet is connected with a leased line to an Exchange 2000 server through a proxy server. The requirement is to let the users of the data domain access email from the Exchange 2000 server and also keep the data of the data domain safe by not allowing anyone except the data domain users to access the data. I would be thankful to you if you could shed light on the situation and suggest a solution.

Regards,

Mohammed Hussain Zahid
Nesma Internet
Riyadh, KSA.
0
Question by:mhzahid
9 Comments
 
LVL 1

Expert Comment

by:compuphonic
ID: 8118828
A physical connection between the data domain and the internet domain will be required.

You might want to install an additional network card in the exchange server, ensure routing is switched off, and use this to connect to your data domain.

Put a one way trust in place.

For extra security add a firewall that only allows ports configured for use on your exchange server.
0
 
LVL 9

Expert Comment

by:cooledit
ID: 8118979
Right solution:

Look up DMZ zones on the Cisco site.

I recommend u set up a DMZ zone, since if correctly configured it makes it possible to do all kinds of security as required.
0
 
LVL 9

Expert Comment

by:cooledit
ID: 8118993
sorry here again

easy way to configure.

Internet cloud - Router - Switch - DMZ - Exchange
If you need some drawings to better understand it, I'll send u some.
0
 
LVL 1

Expert Comment

by:compuphonic
ID: 8119081
cooledit, you forgot to mention how your DMZ connects to the internal network?

All you've described is what he has already?
0
 

Expert Comment

by:japeters
ID: 8120004
More info is required, Mr. Zahid.  First, do both sites have internet access?  Are these 2 different locations? It sounds like the Exchange is at the data users site, but the internet users are the ones using it for email at this time.  Is that correct??  If so, are they using POP, IMAP, or a direct exchange connection?  Is the Exchange server a member of the Data user domain, or a member of the Internet users (regardless of physical location).  And the fact that you said there's a Proxy server in the mix is really frightening...
So far, none of the above comments are going to be useful to you...add more info to get some useful feedback.
0
 
LVL 13

Expert Comment

by:hstiles
ID: 8120543
Could you provide a rough drawing of the setup described above?
0
 
LVL 9

Accepted Solution

by:
cooledit earned 225 total points
ID: 8121946
Hmm, do not know if this ASCII would be helpful.

IPSEC(Leasedline)
      I
    Router
      I
    Switch
      I
     DMZ 1 (Proxyserver, Exchangeserver)
      I
     DMZ 2 (Internet)
      I
    Switch
      I
     DATA

Router configured with subinterfaces.

IP Global IP 62.54.5.8 255.255.255.0

DMZ 1 = VLAN3
DMZ 2 = VLAN2
DATA server & Clients = VLAN1

on switch Cisco 3500 to make VLAN

enable
>#vlan database

0
 

Author Comment

by:mhzahid
ID: 8125659
Internet ( leased line 1mb)           Data user ( domain 2)
   |
Exchange
   |
proxy
   |
Internet Users (domain 1)                    
0
 
LVL 9

Expert Comment

by:cooledit
ID: 8126122
Looking at ur drawing, there is a very big potential of hacking ur Exchange. If u look at my drawing, I have put the Exchange in the first DMZ zone; this makes it almost impossible to hack and access from the IPSEC.

IPSEC ex. 64.65.5.8 255.255.255.0
 I
Router WAN interface 64.65.5.8 255.255.255.0
Router LAN Interface 10.40.0.1 255.255.248.0 NAT
 I
Switch - DMZ 1 VLAN 3 IP 10.40.1.1/21 (Proxyserver, Exchange 10.40.1.2/21)
Switch - DMZ 2 VLAN 2 IP 10.40.2.1/21 (Internet Surfer)
Switch - VLAN 1 IP 10.40.3.4/21 (DATA)

Switch 3500 /24 ports
>#enable
>#Vlan database
>#vlan 1 ("Description", DATA) IP and so
>#Vlan 2 ("Description", Internet) IP and so
>#Vlan 3 ("Description", Exchange) IP and so
exit

>#conf t
>#interface fastethernet0/24 (Description, Exchange)
>#interface fastethernet0/23 (Description, Internet)
>#interface fastethernet0/22 (Description, DATA)
>#switch-mode portfast
>#switch-mode access vlan1
>#switch-mode access vlan2
>#Switch-mode access vlan3
>#write term

On the router

>enable
>#conf t
>#interface WAN
>#IP address (62.54.5.8 255.255.255.0)
>#interface eth0
>#IP address (10.40.0.1 255.255.248.0) LAN
>#interface eth0/0 (configures the subinterface)
>#set ip according to the VLAN (DMZ)

I do not remember all the commands so u better look up according to the equipment u use.

The law of VLAN:

A VLAN is a virtual address which holds its own broadcast domain; this means u will limit the broadcast into ur domain, and it is easy to filter on the router which domains are allowed to see each other. Ur broadcast will be limited, reducing network traffic, while ur domain is subnetted further and easier to manage.

A router must be in place for doing VLAN on the domain in order to catch the broadcast.

Hope it is useful.
0
