Hello everyone,
I have a DSL connection which ends up on my Juniper firewall (10/100).
I have a Cisco UC520 device which I am running on my LAN with IP phones, as well as SBS 2008, which has Exchange 2007 with the newest service packs.
The SBS 2008 box and other computers are all communicating through a gigabit switch to which the Juniper firewall is connected and distributing the internet connection.
My UC is connected from its WAN side to the Juniper firewall, and is not connected to the LAN from the other side.
I want to leverage the capabilities of Exchange with the UC by installing third-party software on the Exchange server, so I am a bit lost. Shouldn't the servers and PCs see the UC in the current config? Also, I want to prevent the users from getting network connectivity in case they decide to plug their PC into the Cisco UC LAN side.
Would appreciate the help.
You will either have to create a Juniper rule to allow traffic between the two ports or you can most likely hook the UC into the switch and give it a local IP.
On the firewall, you can restrict port traffic (e.g. 80/443, or everything) for the UC IP.
I would then configure the UC to hand out a different subnet on the LAN port of the phone, say 10.2.10.x, and a different gateway. The firewall would block any traffic going out on the UC WAN side (say 10.1.10.100). The users would get an IP on the UC subnet, but have no place to go!
You can also use this configuration to allow users to use the phone LAN switch and limit the traffic - you could allow them to hook a laptop in and only get to internal IPs. The possibilities are endless.
You could also consider making the UC go into the Juniper DMZ port - but then don't forget to create custom routes to allow your exchange server to traverse to that port.
In summary:
If your Juniper is 10.1.10.1
Exchange is 10.1.10.10
Make your UC 10.1.10.15
Configure the UC to DHCP to its phone LAN port 10.2.10.x
In Juniper, configure the firewall to block all outgoing traffic on 10.1.10.5
Results:
Exchange should see UC
Users going into phone port should not get anywhere
Hope this helps! Reply back if you are trying to do something else.
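As an added illustration of the summary above (not from the original post or from Cisco/Juniper documentation), here is roughly what the two halves look like as configuration. It assumes the Juniper is a ScreenOS-based box (SSG/NetScreen; Junos SRX syntax differs), that the UC's WAN address being blocked is the 10.1.10.15 assigned to it, that the phone-side VLAN on the UC520 is Vlan100, and that the rule names and policy id are placeholders.

```text
! ---- Cisco UC520 (IOS/CME) side: phone LAN port gets its own subnet ----
! Assumed phone VLAN interface; the UC is the gateway for 10.2.10.x
interface Vlan100
 description phones-and-whatever-gets-plugged-into-the-phone-port
 ip address 10.2.10.1 255.255.255.0
!
! Keep a few addresses out of the pool for the UC itself
ip dhcp excluded-address 10.2.10.1 10.2.10.10
!
ip dhcp pool phones
 network 10.2.10.0 255.255.255.0
 default-router 10.2.10.1
 option 150 ip 10.2.10.1      ! TFTP server for the IP phones (UC itself)
!
! WAN side of the UC sits on the main LAN, next to Exchange (10.1.10.10)
interface FastEthernet0/0
 description uplink-to-lan-switch-and-juniper
 ip address 10.1.10.15 255.255.255.0

# ---- Juniper (ScreenOS) side: nothing from the UC's WAN IP leaves ----
# Address object for the UC's WAN-side address (name is a placeholder)
set address trust "uc520-wan" 10.1.10.15 255.255.255.255
# Deny everything sourced from the UC toward the internet; "top" puts it
# ahead of the general permit rule, and "log" gives you visibility when
# someone does plug a laptop into a phone port and tries to get out.
set policy id 20 top from trust to untrust "uc520-wan" "Any" "ANY" deny log
save
```

Exchange and the PCs on 10.1.10.x still reach the UC at 10.1.10.15 because that traffic stays inside the trust zone on the switch and never hits the firewall policy; only the UC's trust-to-untrust traffic is denied. If the UC needs internet access for its own purposes (SIP trunks, updates), add a narrower permit above the deny for just those destinations and services.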