Nelesh_N
asked on
Ports that need to be opened for IMAP clients to access Exchange 2007 through firewall.
I have DSL users from remote sites that need to access their mailboxes sitting at head office using Outlook. I have two mailbox clusters, CAS and HUB servers. Currently for the first cluster I have ports 3012 and 3053 opened - all users are able to connect. The same rules are applied to the second mailbox cluster but DSL users are not able to connect. Definitely a firewall issue, because if I move those users' mailboxes to the first cluster it works. I have also spoken to the firewall guys and have checked that the firewall is dropping connections on 2112 for the second cluster.
When does Exchange use these "dynamic" ports to connect? Is it Outlook (IMAP) that uses these ports? I have searched for the range so I could ask the FW guys to open the range - no luck. A friend has suggested that I get them to open anything greater than 1023?? Should I make the ports static for both clusters since they would maybe change if Exchange services are restarted or we fail over?
bmatumbura is correct about the IMAP ports, but it sounds like you're attempting to get the IMAP clients to talk to your cluster/mailbox servers? The CAS role takes care of IMAP, POP, Active Sync, OWA, etc. Your firewall needs to redirect the IMAP traffic to the CAS server and not the Mailbox servers.
ASKER
This is the thing: if I'm on the LAN (TCP connection) and do a netstat, I see that I am connecting directly to the mailbox machines on 2153. A configuration issue??
Active Connections
  Proto  Local Address   Foreign Address                  State
  TCP    NXN1804:1076    lib-dc6-jhb.mydomain.net:1025    ESTABLISHED
  TCP    NXN1804:1078    lib-dc6-jhb.mydomain.net:1025    ESTABLISHED
  TCP    NXN1804:1094    lib-dc6-jhb.mydomain.net:1025    ESTABLISHED
  TCP    NXN1804:1113    lexmbxpd1wc2.mydomain.net:2153   ESTABLISHED
  TCP    NXN1804:1115    lexmbxpd1wc2.mydomain.net:2153   ESTABLISHED
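Added example, not part of the original thread: one way to turn netstat output like the above into a per-server list of the remote ports a client actually uses, so a firewall request can name specific ports instead of "anything greater than 1023". The function names, the extra host lexcas1.mydomain.net, and treating every port above 1023 as "dynamic" are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Windows netstat format. The first three rows mirror
# the output posted above; the last two rows are invented for illustration.
SAMPLE = """\
Active Connections
  Proto  Local Address   Foreign Address                  State
  TCP    NXN1804:1076    lib-dc6-jhb.mydomain.net:1025    ESTABLISHED
  TCP    NXN1804:1113    lexmbxpd1wc2.mydomain.net:2153   ESTABLISHED
  TCP    NXN1804:1115    lexmbxpd1wc2.mydomain.net:2153   ESTABLISHED
  TCP    NXN1804:1120    lexcas1.mydomain.net:993         ESTABLISHED
  TCP    NXN1804:1121    lexmbxpd1wc2.mydomain.net:135    TIME_WAIT
"""

ROW = re.compile(
    r"^\s*TCP\s+\S+:\d+\s+(?P<host>\S+):(?P<port>\d+)\s+(?P<state>\S+)\s*$"
)
WELL_KNOWN_MAX = 1023  # assumption: ports above this are treated as dynamic


def remote_ports(netstat_text, state="ESTABLISHED"):
    """Map each remote host to the fixed and dynamic ports seen in `state`."""
    seen = defaultdict(lambda: {"fixed": set(), "dynamic": set()})
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m["state"] != state:
            continue  # skip headers, non-TCP rows and other states
        port = int(m["port"])
        kind = "fixed" if port <= WELL_KNOWN_MAX else "dynamic"
        seen[m["host"]][kind].add(port)
    return dict(seen)


def firewall_request(netstat_text):
    """Return sorted (host, port, kind) rows to hand to the firewall team."""
    rows = []
    for host, ports in remote_ports(netstat_text).items():
        for kind, values in ports.items():
            rows.extend((host, port, kind) for port in values)
    return sorted(rows)


if __name__ == "__main__":
    for host, port, kind in firewall_request(SAMPLE):
        print(f"{host:30} tcp/{port:<6} {kind}")
```

Rows marked dynamic are the ones to check again after a service restart or cluster failover, since the thread's open question is whether those ports stay the same.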
ASKER
Hi guys, please help with this. Project has been put on hold until we can find a solution to this.
ASKER
Okay, so if users access their mailboxes internally (on the LAN) they will connect directly to their mailboxes. If they are using RPC over HTTP or OWA they will be directed to the CAS boxes, correct?
143/TCP IMAP
993/TCP IMAP over SSL
You may have to open these ports on the firewall as well.
Also have a look at this article for Exchange 2003; I am not sure if this can also apply to Exchange 2007.