DMZ Exchange client needs to log onto Exchange sitting on inside LAN
Posted on 2003-11-11
I have a PIX 520 configured with three interfaces, inside, DMZ1 and outside.
The inside interface naturally routes off to my internal LAN where I've an Exchange 5.5 server handling Exchange client requests. I've recently also purchased a new SMTP relay server (ServerX) that I'm testing at the moment on the LAN and have now got it configured to restrict spam messages, as well as providing pass-through NTLM authentication for my users to relay should they want to use it whilst on the road etc. with the Windows 2000 servers.
At the moment, I've got an old anti-spam server (ServerM) sitting on the DMZ, that's the MX record for the company, and (at the moment) that passes mail to ServerX which checks for spam, and then it, in turn, passes the mail to my Exchange server.
I'm going to be moving ServerX from the LAN to the DMZ and probably replacing ServerM with it, so my final setup will be: ServerX (MX record) on the DMZ checks for spam and relaying and, if OK, passes mail to the Exchange server on the inside LAN. In order to test this all out beforehand though, I have a dummy machine on the DMZ configured with the IP address that the relocated ServerX will be working on.
What I'm having major difficulties with is getting this dummy machine on the DMZ to authenticate with the LAN servers, and therefore with the Exchange service. I need both.
At this point in time I'm not sure how much config I should post etc., but I can supply a shortened version on request should it be deemed appropriate.