Setup DMZ with ISA 2004 and 2nd Cisco Pix 506E for ActiveSync
Posted on 2007-11-21
I am trying to deploy wireless email through ActiveSync to the PDA and have got it to work successfully in a test lab that is configured like this:
Internet----- Pix-------ISA 2004--------Internal Network Switch
This ISA 2004 server shown above is NOT part of the Domain but instead is in a workgroup. It forwards the HTTPS traffic to the Front End ActiveSync Server (Exchange 2k3) using a host file entry that contains the IP address of the FE ActiveSync server, as the internal NIC of the ISA is on the same subnet as the internal LAN and plugged directly into the LAN switch.
I want to now create a DMZ and have it setup like this:
Internet----- Pix(1)-------(DMZ) ISA 2004--------Pix(2)----------------Internal Network Switch
Pix(1), which faces the internet, cannot be moved as it dials out to the internet via the ADSL modem and gets our static public IP address assigned to its external NIC. This Pix forwards all SMTP traffic to another ISA 2004 (2) server, which is part of the domain and not shown above. That ISA 2004 (2) that receives the SMTP traffic is also the proxy server that users use for internet access.
My issue is:
-Once I put the Pix(2) in between the ISA 2004 and the Internal Network switch, there will have to be 2 different networks (subnets) for the Pix(2) internal and external interfaces. This breaks the communication the ISA 2004 has with the internal FE ActiveSync server via the host file on the same network.
My questions are:
-How do I get the ISA to send the HTTPS traffic to the FE ActiveSync server that is now behind Pix(2)? Should I continue to use the host file and change the address or use a static persistent route?
-How should I configure the Pix(2) to get the ActiveSync communication to work between the ISA 2004 and FE AS server?
-Which protocols alone should I allow to get the ActiveSync communication to work between the ISA 2004 and the FE AS server?
Please note that I am only a beginner when it comes to configuring Pix and networks.