ausadmin
asked on
Test Network Layout Exchange & ISA2004
Hi All
My dear old ISP says 12 days to get a connection with the upload speed and static IP I need. Meantime I need an exchange 2003 test setup as of yesterday. So what I was going to do was:
- put an ISA server with a public IP on the external just connected to a switch
- On the same switch as the ISA box put a workstation with host entries for ISA and use that
as my pretend external access.
- Have my exchange Front end server sitting off a dmz nic on the ISA box
- win 2003 box running rras connected to the isa internal as a router
- exchange mailbox server sitting behind that
- host entry on the F/E exchange server for the mailbox server
So question 1 is will this layout work?
I was wondering since everything is hanging off dumb swtiches will it all find itself by netbios broadcast and give me false confidence in the layout.
Do I need a dns server on the same switch as the ISA box so it knows properly where to send return traffic?
My dear old ISP says 12 days to get a connection with the upload speed and static IP I need. Meantime I need an exchange 2003 test setup as of yesterday. So what I was going to do was:
- put an ISA server with a public IP on the external just connected to a switch
- On the same switch as the ISA box put a workstation with host entries for ISA and use that
as my pretend external access.
- Have my exchange Front end server sitting off a dmz nic on the ISA box
- win 2003 box running rras connected to the isa internal as a router
- exchange mailbox server sitting behind that
- host entry on the F/E exchange server for the mailbox server
So question 1 is will this layout work?
I was wondering since everything is hanging off dumb swtiches will it all find itself by netbios broadcast and give me false confidence in the layout.
Do I need a dns server on the same switch as the ISA box so it knows properly where to send return traffic?
This is a good tutorial for ISA 2004 and exchagne 2003
ASKER
Thanks guys I understand but I'm trying to model a F/E B/E config for a project I'm starting very soon. I'm just using ISA because I don't have a hardware FW. The project will use Pix or Checkpoint. The workstation isn't in public domain - no net connection right now.
I'd like to do it all as manually as possible because of this. Any advice on the questions I asked above re: broadcasts and DNS?
I'd like to do it all as manually as possible because of this. Any advice on the questions I asked above re: broadcasts and DNS?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanx Naren that sounds great. Oh boy maybe I should bite the bullet and ebay a baby PIX for this setup.
http://www.isaserver.org/articles/2004dmzfebe.html
here is the one with isa 2004
you may have to open some more ports to communicate frontend with domain controler
you will get full list from the microsoft site
here is the one with isa 2004
you may have to open some more ports to communicate frontend with domain controler
you will get full list from the microsoft site
there is another document on microsoft site that will give you a detailed listing of ports..
i couldnt find it, may have to search in depth
i couldnt find it, may have to search in depth
Do not put a workstation in the Public domain!!!
here is the setup
Internet
|
ISA 2004
|
LAN-----Exchange Server
The ISA 2004 serves the OWA 2003 frotn end authentication(form based) , i mean
The ISA 2004 Server has the option to publish the OWA 2003 forms for authentication of users.
The successful authentication will pass through the ISA 2004 firewall and connects to exchange server,
if the authentication fails the connection will drop at the ISA 2004 itself. This is a good security measure.
1 more point is the ISA 2004 with SP2 you must use the SSL to public OWA 2003, its a must.
regards
naren