Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Configuring ISA Server Behind Pix 515e - Using RPC Filter

Posted on 2005-05-10
Medium Priority
Last Modified: 2013-11-16
I want to set it up so users can access outlook from anywhere.  Not all users have Outlook 2003 so RPC over HTTP won't work.

I am going to have OWA as a fallback for users, but I want to allow my users in remote offices (which are not interconnected with us) to have access to their full MAPI Outlook client at all times.

I thought it out and here's what I've come up with:

Router - Pix - Internal Network - Exchange
           DMZ - ISA Server (Hosting RPC Filter, Dual NICs - 1 to internal network, 1 to DMZ)

The problem I am having is that when I create the server publishing rule it is not recognizing my DMZ NIC address ( as the external address for the server.

On the PIX the internal interface is and the DMZ is

Is it possible to set up my environment the way I laid it out or is their a better way to go about it?  I want to stay away from VPN clients and the remote offices are externally managed by an outside provider and I don't have access to the equipment.

Question by:anakin827
1 Comment

Accepted Solution

Tsuro_Hata earned 2000 total points
ID: 13983535
I am not sure if this is how you wanted to configure your network so let me know if I am on the right track.

You are placing your ISA server in the DMZ? So that the external address of your ISA server is in the network and its internal adapter is in the internal network.

Create a rule on your firewall for RPC over HTTP and HTTPS to the external address of your ISA server (DMZ network).
Create a publishing rule in ISA for OWA over HTTPS and RPC over HTTP to the exchange server.

Route table for ISA server has the default gateway set to the IP of the port in the firewall for that DMZ (192.168.2.x). LAT (Local Address Table) for ISA only has the internal network. For routing to work within ISA you need to ensure that the DMZ network and Internal network are completely separate (this should be the case with a 24 subnet mask).

ISA will allow you to set up the two separate publishing rules for https and rpc over http to the same internal server.

Does this help? TJ

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Integration Management Part 2
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question