Solved

Requirements for configuring an Exchange server which is connected to the Internet for a different domain

Posted on 2003-03-12
Last Modified: 2010-03-19
Hi,

There are two different domains, one for Internet users and the other for data users; they are physically separate from each other. The domain for Internet is connected with a leased line to an Exchange 2000 server through a proxy server. The requirement is to let the users of the data domain access email from the Exchange 2000 server and also keep the data of the data domain safe by not allowing others to access the data except the data domain users. I would be thankful to you if you shed light on the situation and suggest a solution.

Regards,

Mohammed Hussain Zahid
Nesma Internet
Riyadh, KSA.
Question by:mhzahid
9 Comments
 
LVL 1

Expert Comment

by:compuphonic
ID: 8118828
A physical connection between the data domain and the internet domain will be required.

You might want to install an additional network card in the exchange server, ensure routing is switched off, and use this to connect to your data domain.

Put a one way trust in place.

For extra security add a firewall that only allows ports configured for use on your exchange server.
0
 
LVL 9

Expert Comment

by:cooledit
ID: 8118979
Right solution:

Look up DMZ zones on the Cisco site.

I recommend you set up a DMZ zone; if correctly configured, it is possible to do all kinds of security as required.
0
 
LVL 9

Expert Comment

by:cooledit
ID: 8118993
Sorry, here again.

Easy way to configure:

Internet cloud - Router - Switch - DMZ - Exchange
If you need some drawings to better understand it, I'll send you some.
0
 
LVL 1

Expert Comment

by:compuphonic
ID: 8119081
cooledit, you forgot to mention how your DMZ connects to the internal network?

All you've described is what he has already ?
0
 

Expert Comment

by:japeters
ID: 8120004
More info is required, Mr. Zahid.  First, do both sites have internet access?  Are these 2 different locations? It sounds like the Exchange is at the data users site, but the internet users are the ones using it for email at this time.  Is that correct??  If so, are they using POP, IMAP, or a direct exchange connection?  Is the Exchange server a member of the Data user domain, or a member of the Internet users (regardless of physical location).  And the fact that you said there's a Proxy server in the mix is really frightening...
So far, none of the above comments are going to be useful to you...add more info to get some useful feedback.
0
 
LVL 13

Expert Comment

by:hstiles
ID: 8120543
Could you provide a rough drawing of the setup described above?
0
 
LVL 9

Accepted Solution

by:
cooledit earned 225 total points
ID: 8121946
Hmm, I do not know if this ASCII would be helpful.

IPSEC(Leasedline)
      I
    Router
      I
    Switch
      I
     DMZ 1 (Proxyserver, Exchangeserver)
      I
     DMZ 2 (Internet)
      I
    Switch
      I
     DATA

Router configured with subinterfaces.

IP Global IP 62.54.5.8 255.255.255.0

DMZ 1 = VLAN3
DMZ 2 = VLAN2
DATA server & Clients = VLAN1

on switch Cisco 3500 to make VLAN

enable
>#vlan database

0
 

Author Comment

by:mhzahid
ID: 8125659
Internet ( leased line 1mb)           Data user ( domain 2)
   |
Exchange
   |
proxy
   |
Internet Users (domain 1)                    
0
 
LVL 9

Expert Comment

by:cooledit
ID: 8126122
Looking at your drawing, there is a very big potential of hacking your Exchange. If you look at my drawing, I have put the Exchange in the first DMZ zone; this makes it almost impossible to hack and access from the IPSEC.

IPSEC ex. 64.65.5.8 255.255.255.0
 I
Router WAN interface 64.65.5.8 255.255.255.0
Router LAN Interface 10.40.0.1 255.255.248.0 NAT
 I
Switch - DMZ 1 VLAN 3 IP 10.40.1.1/21 (Proxyserver, Exchange 10.40.1.2/21)
Switch - DMZ 2 VLAN 2 IP 10.40.2.1/21 (Internet Surfer)
Switch - VLAN 1 IP 10.40.3.4/21 (DATA)

Switch 3500 /24 ports
>#enable
>#vlan database
>#vlan 1 (Description, DATA) IP and so
>#vlan 2 (Description, Internet) IP and so
>#vlan 3 (Description, Exchange) IP and so
>#exit

>#conf t
>#interface fastethernet0/24 (Description, Exchange)
>#switchport access vlan 3
>#spanning-tree portfast
>#interface fastethernet0/23 (Description, Internet)
>#switchport access vlan 2
>#spanning-tree portfast
>#interface fastethernet0/22 (Description, DATA)
>#switchport access vlan 1
>#spanning-tree portfast
>#end
>#write term

On the router

>enable
>#conf t
>#interface WAN
>#IP address (62.54.5.8 255.255.255.0)
>#interface eth0
>#IP address (10.40.0.1 255.255.248.0) LAN
>#interface eth0/0 (configures the subinterface)
>#set ip according to the VLAN (DMZ)

I do not remember all the commands, so you had better look them up according to the equipment you use.

The law of VLAN:

A VLAN is a virtual address which holds its own broadcast domain; this means you will limit the broadcast into your domain, and it is easy to filter on the router which domains are allowed to see each other. Your broadcast will be limited and reduce network traffic while your domain is subnetted further and easy to manage.

A router must be in place for doing VLAN on the domain in order to catch the broadcast.

Hope it is useful.
0
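
Added example, not part of the original post: a Python check of the address plan in the comment above. With the posted /21 masks all three VLAN addresses fall inside 10.40.0.0/21, so the router has no per-VLAN subnet to filter on; the script shows that, then evaluates a hypothetical first-match policy once each VLAN has its own /24. The /24 split, the rule set, the mail ports and the client addresses are assumptions.

```python
import ipaddress
from itertools import combinations

# Interface addresses exactly as posted in the comment above.
POSTED = {"DMZ1-Exchange": "10.40.1.1/21",
          "DMZ2-Internet": "10.40.2.1/21",
          "DATA": "10.40.3.4/21"}

def networks(plan):
    return {n: ipaddress.ip_interface(a).network for n, a in plan.items()}

def overlapping(plan):
    """Pairs of VLANs whose IP subnets overlap, i.e. the router cannot tell them apart."""
    nets = networks(plan)
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def narrowed(plan, prefix=24):
    """Assumption: keep the posted addresses but give each VLAN its own /24."""
    return {n: f"{ipaddress.ip_interface(a).ip}/{prefix}" for n, a in plan.items()}

def vlans_containing(ip, plan):
    """VLANs whose subnet contains ip; filtering by subnet needs exactly one."""
    addr = ipaddress.ip_address(ip)
    return [n for n, net in networks(plan).items() if addr in net]

# Hypothetical policy (who may open a connection to whom); first match wins.
# Mail ports 25/110/143 are an assumption: the thread never settles the protocol.
MAIL = {25, 110, 143}
RULES = [("DATA", "DMZ1-Exchange", MAIL, True),
         ("DMZ2-Internet", "DMZ1-Exchange", MAIL, True),
         ("DMZ2-Internet", "DATA", None, False)]

def permitted(src_ip, dst_ip, port, plan, rules=RULES):
    src, dst = vlans_containing(src_ip, plan), vlans_containing(dst_ip, plan)
    if len(src) != 1 or len(dst) != 1:
        raise ValueError(f"ambiguous subnet: {src_ip} in {src}, {dst_ip} in {dst}")
    for r_src, r_dst, ports, allow in rules:
        if (r_src, r_dst) == (src[0], dst[0]) and (ports is None or port in ports):
            return allow
    return False  # default deny

if __name__ == "__main__":
    fixed = narrowed(POSTED)
    print("overlaps as posted:", overlapping(POSTED))
    print("overlaps with /24s:", overlapping(fixed))
    # Constructed clients: 10.40.3.50 (data user), 10.40.2.50 (Internet user).
    print("data -> Exchange:25 ", permitted("10.40.3.50", "10.40.1.2", 25, fixed))
    print("internet -> data:445", permitted("10.40.2.50", "10.40.3.50", 445, fixed))
```
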
