Ports that need to be opened for IMAP clients to access Exchange 2007 through firewall.

I have DSL users from remote sites that need to access their mailboxes sitting at head office using Outlook. I have two mailbox clusters, CAS and HUB servers. Currently for the first cluster I have ports 3012 and 3053 opened - all users are able to connect. The same rules are applied to the second mailbox cluster but DSL users are not able to connect. Definitely a firewall issue, because if I move those users' mailboxes to the first cluster it works. I have also spoken to the firewall guys and have checked that the firewall is dropping connections on 2112 for the second cluster.

When does Exchange use these "dynamic" ports to connect? Is it Outlook (IMAP) that uses these ports? I have searched for the range so I could ask the FW guys to open the range - no luck. A friend has suggested that I get them to open anything greater than 1023? Should I make the ports static for both clusters since they would maybe change if Exchange services are restarted or we fail over?
Nelesh_N (Author) commented:
Exchange IMAP also uses the following ports:

993/TCP - IMAP over SSL

You may have to open these ports on the firewall as well.

Also have a look at this article for Exchange 2003; I am not sure if this can also apply to Exchange 2007.
Rick Fee (Messaging Engineer - Disaster Recovery Engineer) commented:
bmatumbura is correct about the IMAP ports, but it sounds like you're attempting to get the IMAP clients to talk to your cluster/mailbox servers? The CAS role takes care of IMAP, POP, Active Sync, OWA, etc. Your firewall needs to redirect the IMAP traffic to the CAS server and not the Mailbox servers.
Nelesh_N (Author) commented:
This is the thing: if I'm on the LAN (TCP connection) and do a netstat, I see that I am connecting directly to the mailbox machines on 2153. A configuration issue?

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    NXN1804:1076           lib-dc6-jhb.mydomain.net:1025  ESTABLISHED
  TCP    NXN1804:1078           lib-dc6-jhb.mydomain.net:1025  ESTABLISHED
  TCP    NXN1804:1094           lib-dc6-jhb.mydomain.net:1025  ESTABLISHED
  TCP    NXN1804:1113           lexmbxpd1wc2.mydomain.net:2153  ESTABLISHED
  TCP    NXN1804:1115           lexmbxpd1wc2.mydomain.net:2153  ESTABLISHED
Nelesh_N (Author) commented:
Hi guys, please help with this. Project has been put on hold until we can find a solution to this.
Nelesh_N (Author) commented:
Okay, so if users access their mailboxes internally (on the LAN) they will connect directly to their mailboxes. If they are using RPC over HTTP or OWA they will be directed to the CAS boxes, correct?
Question has a verified solution.