Exchange 2010 POP 3 setup with MS ForeFront TMG
Hi all,
hope you can help.
I am trying to setup POP3 mail access for my exchange 2010 environment which has 2 CAS servers - only one is use at the moment. There is also a NLB in the DMZ to act as a proxy for the CAS servers and a TMG firewall.
we currently have MS Forefront TMG setup for our firewall proxy and internet traffic. Exchange ActiveSync is also configured via the TMG and works great as does OWA using the "mail.xxx.com" ssl cert.
Our exchange and CAS servers have the "mail.xxx.com" certificate installed and the POP 3 services are running on both the CAS and the mailbox servers.
POP3 has been setup on the mailbox servers under client access to use the "mail.xxx.com" certificate (same as the ActiveSync cert - could this be an issue? do i need a different SSL cert for POP 3?)
I have created a mail server publishing rule and within this rule also set the option "request appear to come from the ISA server" but still no luck.
i can see the TMG log when i test with a pop 3 test app that the default rule has denied access. i believe this is an issue with TMG, but cannot figure out where the issue is. I have also tried to test with telnet within the LAN to the POP 3 port - 110 but i can’t even telnet in. i can however telnet in on the SMTP port within the LAN.
Nothing is being blocked on the firewall (this is what i have been advised by the network team).
Any help appreciated.
hope you can help.
I am trying to setup POP3 mail access for my exchange 2010 environment which has 2 CAS servers - only one is use at the moment. There is also a NLB in the DMZ to act as a proxy for the CAS servers and a TMG firewall.
we currently have MS Forefront TMG setup for our firewall proxy and internet traffic. Exchange ActiveSync is also configured via the TMG and works great as does OWA using the "mail.xxx.com" ssl cert.
Our exchange and CAS servers have the "mail.xxx.com" certificate installed and the POP 3 services are running on both the CAS and the mailbox servers.
POP3 has been setup on the mailbox servers under client access to use the "mail.xxx.com" certificate (same as the ActiveSync cert - could this be an issue? do i need a different SSL cert for POP 3?)
I have created a mail server publishing rule and within this rule also set the option "request appear to come from the ISA server" but still no luck.
i can see the TMG log when i test with a pop 3 test app that the default rule has denied access. i believe this is an issue with TMG, but cannot figure out where the issue is. I have also tried to test with telnet within the LAN to the POP 3 port - 110 but i can’t even telnet in. i can however telnet in on the SMTP port within the LAN.
Nothing is being blocked on the firewall (this is what i have been advised by the network team).
Any help appreciated.
ASKER
Hi, thanks for your response but did you read my post? i have already stated that the publishing rule has been created and tested without any luck.
your first post talks about removing the perimeter network to get the FTP working. im not sure how this is related since im not setting up FTP. i cant remove the perimeter network as my ActiveSync and owa run from it successfully.
your second post talks about ISA 2006 - im using forefront TMG and exch 2010 - again i have already created the rule.
your first post talks about removing the perimeter network to get the FTP working. im not sure how this is related since im not setting up FTP. i cant remove the perimeter network as my ActiveSync and owa run from it successfully.
your second post talks about ISA 2006 - im using forefront TMG and exch 2010 - again i have already created the rule.
I saw in your post, TMG is a big brother of ISA 2006, Just using that as what need to be done. Apologies if I caused you any inconvenient.
Where is the default rule located in the order? at the end, middle or begining
Can you upload your rule please?
Regards
Where is the default rule located in the order? at the end, middle or begining
Can you upload your rule please?
Regards
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No response from others.
Different environment now.
Different environment now.
You have to create publishing rule on tmg for the pop3 access
http://fixmyitsystem.com/2011/05/tmg-non-web-server-protocol-does-not.html
http://technet.microsoft.com/en-us/library/bb310788.aspx
Regards