patrickgillespie
asked on
Configuring Exchange for external use
Ok, here is the scenario: We have a Cisco Pix Firewall. Behind that resides our Barracuda Networks Spam Firewall Filter and our Exchange server. External Mail filters into the network via the Pix, is router to the Barracuda, cleaned and forwarded to our Exchange server. Each hardware device has its own external IP address mapped to an internal IP address via the PIX box. Also, our webpage is hosted via a third party.
Up until this point, my boss never wanted MS Exchange Web Access or the ability to get emails on his phone (Motorola Q and the new iPhone - both supported). I need to make the necessary changes to our firewall and exchange server so that I can enable Web Access and email to cell phones. Web access is up and running internally and has been used internally for some time, but it was not opened up to the outside world (this was done by my predecessor). From what I can see, he enabled IIS but restricted it to the internal IP addresses of our three locations. In addition, when we get Web Access up and running, how do I go about setting it to a nice URL like mail.companyname.com. Lastly, I need to make sure that I set this up and get it running, but don't open any security holes.
Up until this point, my boss never wanted MS Exchange Web Access or the ability to get emails on his phone (Motorola Q and the new iPhone - both supported). I need to make the necessary changes to our firewall and exchange server so that I can enable Web Access and email to cell phones. Web access is up and running internally and has been used internally for some time, but it was not opened up to the outside world (this was done by my predecessor). From what I can see, he enabled IIS but restricted it to the internal IP addresses of our three locations. In addition, when we get Web Access up and running, how do I go about setting it to a nice URL like mail.companyname.com. Lastly, I need to make sure that I set this up and get it running, but don't open any security holes.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
coolsport00, it would be assumed that since they currently are receiving email, the MX and PTR records are already in place, but maybe not. Also, SPF records are always a good idea.
patrickgillespie, along the lines of not wanting to "open a security hole," jplato's solution opens a port to your internal server, which is not something you may want to do. Depending on your MS Exchange version, you can setup a front-end server in front of your firewall in order to protect your internal network. This is usually recommended, but of course incurs the cost of a separate machine. The front-end server would then host the OWA URL as well as the Exchange ActiveSync URL and whatever other client access protocols you want to use.
If you don't want to use a front-end server (and you don't mind opening up a hole directly to your internal MS Exchange server), then all you have to do is point an A record (for OWA and Exchange ActiveSync) to your server and make the changes jplato suggested.
Lastly, remember to check and double check your DNS configurations before you make any changes. You don't want to be losing any email due to errors...
-- Alexander.
patrickgillespie, along the lines of not wanting to "open a security hole," jplato's solution opens a port to your internal server, which is not something you may want to do. Depending on your MS Exchange version, you can setup a front-end server in front of your firewall in order to protect your internal network. This is usually recommended, but of course incurs the cost of a separate machine. The front-end server would then host the OWA URL as well as the Exchange ActiveSync URL and whatever other client access protocols you want to use.
If you don't want to use a front-end server (and you don't mind opening up a hole directly to your internal MS Exchange server), then all you have to do is point an A record (for OWA and Exchange ActiveSync) to your server and make the changes jplato suggested.
Lastly, remember to check and double check your DNS configurations before you make any changes. You don't want to be losing any email due to errors...
-- Alexander.
Second setup DNS A Record with your Domain Providers DNS.
You can call them and ask them to setup the A Record for you just tell them you need mail.yourcompany.com to (Your IP)10.10.10.10.
Forward HTTPS or Port 443 Through PIX to Exchange Server.