?
Solved

Test Network Layout Exchange & ISA2004

Posted on 2006-07-17
10
Medium Priority
?
200 Views
Last Modified: 2013-11-16
Hi All

My dear old ISP says 12 days to get a connection with the upload speed and static IP I need.  Meantime I need an exchange 2003 test setup as of yesterday.  So what I was going to do was:

   - put an ISA server with a public IP on the external just connected to a switch
     
  - On the same switch as the ISA box put a workstation with host entries for ISA and use that
    as my pretend external access.

- Have my exchange Front end server sitting off a dmz nic on the ISA box

- win 2003 box running rras connected to the isa internal as a router

- exchange mailbox server sitting behind that

- host entry on the F/E exchange server for the mailbox server

So question 1 is will this layout work?

I was wondering since everything is hanging off dumb swtiches will it all find itself by netbios broadcast and give me false confidence in the layout.  

Do I need a dns server on the same switch as the ISA box so it knows properly where to send return traffic?
0
Comment
Question by:ausadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
10 Comments
 
LVL 12

Expert Comment

by:r_naren22atyahoo
ID: 17127045
ISA 2004 works very well with Exchange 2003, you dont need to put a Front-end in the DMZ, Unless you have more then  1 exchange server in the organization hosting mailboxes.

Do not put a workstation in the Public domain!!!

here is the setup
                                   Internet
                                        |
                                    ISA 2004
                                        |
                                      LAN-----Exchange Server

The ISA 2004 serves the OWA 2003 frotn end authentication(form based) , i mean
The ISA 2004 Server has the option to publish the OWA 2003 forms for authentication of users.
The successful authentication will pass through the ISA 2004 firewall and connects to exchange server,
if the authentication fails the connection will drop at the ISA 2004 itself. This is a good security measure.
1 more point is the ISA 2004 with SP2 you must use the SSL to public OWA 2003, its a must.

regards
naren
0
 
LVL 12

Expert Comment

by:r_naren22atyahoo
ID: 17127051
This is a good tutorial for ISA 2004 and exchagne 2003
0
 
LVL 12

Expert Comment

by:r_naren22atyahoo
ID: 17127052
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 

Author Comment

by:ausadmin
ID: 17135454
Thanks guys I understand but I'm trying to model a F/E B/E config for a project I'm starting very soon.  I'm just using ISA because I don't have a hardware FW.  The project will use Pix or Checkpoint.  The workstation isn't in public domain - no net connection right now.

I'd like to do it all as manually as possible because of this.  Any advice on the questions I asked above re: broadcasts and DNS?
0
 
LVL 12

Accepted Solution

by:
r_naren22atyahoo earned 2000 total points
ID: 17135578
I did some research before for this i.e.

backend server on LAN
front end server on DMZ
firewall is a PIX...
I did saw the documentation for all the ports that need to be open from dmz to LAN for exchagne comminication.
its a set of nearly 20 to 25 ports that need to be open..

will get back to you on that

regards
naren
0
 

Author Comment

by:ausadmin
ID: 17135838
Thanx Naren that sounds great.  Oh boy maybe I should bite the bullet and ebay a baby PIX for this setup.
0
 
LVL 12

Expert Comment

by:r_naren22atyahoo
ID: 17136834
http://www.isaserver.org/articles/2004dmzfebe.html
here is the one with isa 2004

you may have to open some more ports to communicate frontend with domain controler

you will get full list from the microsoft site
0
 
LVL 12

Expert Comment

by:r_naren22atyahoo
ID: 17136898
there is another document on microsoft site that will give you a detailed listing of ports..
i couldnt find it, may have to search in depth

0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question