Solved

Cisco 5500 ASA instead of ISA for Exchange 2007

Posted on 2011-02-16
6
1,307 Views
Last Modified: 2012-05-11
I am upgrading my Exchange environment to 2007.  There is not a lot of documentation out there for setting up a reverse proxy for Exchange 2007 that is not an ISA server.  I have a Cisco ASA 5510 and was wondering if I can publish OWA using it instead of installing an ISA server.  Also if it is possible how I would go about implementing it.  Any imput is greadtly appreciated.  Thank you.

Gabe
0
Comment
Question by:OmnitraxIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 34909827
Hi There,

Basically all you do is setup the same firewall rules in the ASA. Generally, this means opening port 443 for OWA in the ACL and forwarding port 443 to the Exchange Server. That's pretty much it. It's much less complex than ISA. I'd rather use an ASA for this any day than ISA, good choice, it'll serve you well.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 125 total points
ID: 34910388
I wasn't aware that ASA was also an application gateway? ISA reverse proxies the request so that external users never enter the internal network - they are held on the outside whilst ISA goes and gets the data on behalf of the user. Does ASA do that also?
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 125 total points
ID: 34910441
It's not an application gateway. Nor does it reverse proxy. You are exactly right about the ASA's capabilities. ISA provides this feature but it's not required for security, although it is nice. I prefer ASAs personally and that's what I've used on my setup in the past with no problems. Users access the Exchange CAS server directly through the ASA and the ASA applies the set security policies to the traffic flow. App gateways are nice, but I don't see them as necessary, but more as optional. Plus, going through an ASA reduces the complexity; there is no proxy process or anything like that, and the ASA can apply ACLs and IPS threat detection, antivirus/malware filtering, etc. depending on the license/modules you have for it. All I'm saying is that if I had an ASA and didn't want to deal with ISA, I'd drop the ISA server like it's hot. That said, if you DO want an app gateway, then use ISA. ...but I like the simpler setup of putting the ASA inline.

Cheers!
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34910681
No problem - and it wasn't a comment to try and knock the ASA - haven't used them much but when I have they have been great. Only chimed in because the original question asked requested a reverse proxy - which is why ISA or FTMG is one of the more obvious - and documented - choices.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 34910766
Yes sir. Yeah, I don't bother with reverse proxy most of the time. I just bring the traffic straight to the CAS server or an edge server and let the firewall do it's job. It is good at it after all. :-)
0
 

Author Closing Comment

by:OmnitraxIT
ID: 34966036
That is what I was looking for.   I was hoping there was a module or something you could add for that ability.  Thank you.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question