Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Accessing Outlook thru SSL VPN (port to be Enabled)

Posted on 2009-07-12
4
Medium Priority
?
617 Views
Last Modified: 2012-05-07
We are in the process of configuring SSL VPN, we have enabled MS outlook to be available for VPN users thru tunneling. our SSL VPN box is in DMZ, and right now traffic is enabled for port any to any from VPN box to our Backend exchange server which is in different zone and vice-versa.

As part of security, we want only to enable those port which is required to get outlook working thru RPC from SSL VPN box to exchange serrver and vice-versa.

Our Exchange Farm:
Front end server in DMZ (Web mail configured)
Backend server in Server Zone
No RPC over HTTPs configured
0
Comment
Question by:TJOSY
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 1

Expert Comment

by:lucidica-jamal
ID: 24833912
Hiya,

If you are using a VPN, then all you need to open is the VPN port, no other ports need to be open to allow exchange information to pass through, as it will all pass through the VPN port.

Hope that helps!

0
 

Author Comment

by:TJOSY
ID: 24833964
thats from external to VPN box. My requirement is from VPN box to Exchange Server
0
 
LVL 1

Assisted Solution

by:lucidica-jamal
lucidica-jamal earned 150 total points
ID: 24833994
Oh ok...
Exchange uses alot of ports!

A list of them are available here: http://www.petri.co.il/ports_used_by_exchange.htm

Hope that helps!
0
 
LVL 65

Accepted Solution

by:
Mestha earned 225 total points
ID: 24835266
What you should do is remove the frontend server from the DMZ. Whatever your reason for putting it there, I can guarantee that it is wrong. It does nothing for your security and actually weakens it.

Put the frontend server inside, configure RPC over HTTPS. It only needs one port then - 443.
You could look at using SSL offloading, which would then only need port 80, but requires very careful configuration. A lot of people have problems with it, so usually end up using conventional RPC over HTTPS with a certificate on the frontend server and just using the SSL VPN as an additional wrapper.

Simon.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question