Solved

New Exchange 2003 Installation - ISA Server Function Clarification Please

Posted on 2006-06-23
3
247 Views
Last Modified: 2010-03-06
Can a Microsoft ISA Server installed in the DMZ and configured as a Front End to an Exchange Server 2003 installed on internal LAN also perform role of Web & FTP server?

In other words, can I set up a Windows 2003 server in the DMZ to be all 3 (ISA, Web, & FTP) server?

I have to install a new E-Mail server for our small organization (35 users, 80 PCs, 2 W2K3 Servers) and install Microsoft Exchange 2003 on it.  I do not want to put Exchange 2003 server in DMZ but must set up services for external access like OWA, RPC over HTTP, etc.

We have a PIX firewall, maybe I should not worry about putting Exchange Server 2003 in DMZ, but it would be better not to, correct?

And if I add another Windows server in the DMZ in this triple role would it would not have to be configured as a member server in our AD domain that exists behind INSIDE PIX interface on internal LAN, correct?

What if I brought our Compaq Proliant ML 350 out of retirement for this job?  Could it do the job if wiped & reloaded with Microsoft Windows Server 2003 & ISA?

A complete Exchange Novice,
DALVIS

0
Comment
Question by:dealvis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 16971939
On a small site, I wouldn't bother with an ISA. I would just have the traffic going straight to the Exchange server. You only need two ports open - 25 and 443.

If you insist - then the machine needs to be in a workgroup and it can do whatever you like if configured correctly. I have deployed ISA machines as SMTP relays as well in the past.
As long as the machine is capable of running Windows 2003 then it would be fine for the job.

Simon.
0
 

Author Comment

by:dealvis
ID: 16972818
Thank You Simon for responding.  Some clarification please, are you saying you would install Exchange Server 2003 on the internal LAN behind the PIX INSIDE interface (and not the DMZ?)
0
 
LVL 104

Accepted Solution

by:
Sembee earned 125 total points
ID: 16974405
Correct.
Exchange doesn't belong in the DMZ, the number of ports that you have to open for it to work correctly makes the DMZ effectively useless.

Simon.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question