Exchange 2010 POP 3 setup with MS ForeFront TMG

Hi all,

Hope you can help.

I am trying to set up POP3 mail access for my Exchange 2010 environment, which has 2 CAS servers - only one is in use at the moment. There is also an NLB in the DMZ to act as a proxy for the CAS servers and a TMG firewall.

We currently have MS Forefront TMG set up for our firewall proxy and internet traffic. Exchange ActiveSync is also configured via the TMG and works great, as does OWA using the "" SSL cert.

Our Exchange and CAS servers have the "" certificate installed and the POP3 services are running on both the CAS and the mailbox servers.

POP3 has been set up on the mailbox servers under client access to use the "" certificate (same as the ActiveSync cert - could this be an issue? Do I need a different SSL cert for POP3?)

I have created a mail server publishing rule and within this rule also set the option "request appear to come from the ISA server", but still no luck.

I can see in the TMG log when I test with a POP3 test app that the default rule has denied access. I believe this is an issue with TMG, but cannot figure out where the issue is. I have also tried to test with telnet within the LAN to the POP3 port - 110 - but I can't even telnet in. I can, however, telnet in on the SMTP port within the LAN.

Nothing is being blocked on the firewall (this is what I have been advised by the network team).

Any help appreciated.
Emmanuel Adebayo (Global Windows Infrastructure Engineer - Consultant) Commented:

bmsdev (Author) Commented:
Hi, thanks for your response, but did you read my post? I have already stated that the publishing rule has been created and tested without any luck.

Your first post talks about removing the perimeter network to get the FTP working. I'm not sure how this is related since I'm not setting up FTP. I can't remove the perimeter network as my ActiveSync and OWA run from it successfully.

Your second post talks about ISA 2006 - I'm using Forefront TMG and Exchange 2010 - again, I have already created the rule.

Emmanuel Adebayo (Global Windows Infrastructure Engineer - Consultant) Commented:
I saw in your post, TMG is a big brother of ISA 2006, just using that as what needs to be done. Apologies if I caused you any inconvenience.

Where is the default rule located in the order? At the end, middle or beginning?

Can you upload your rule please?

bmsdev (Author) Commented:
The Default rule is located at no. 2 in the list; it's been moved around all over the place. The rule is set up as in the attached pics. One thing I forgot to mention is my TMG setup is an MS load-balanced cluster of two TMG servers.

Like I said, all other mail services work well - ActiveSync and OWA without any issues.

bmsdev (Author) Commented:
No response from others.
Different environment now.