08-15-2011 09:40 PM
My server guys want to LB the Exchange 2010 client access servers; this will be the 7th context on my ACE 4710.
See the table for the ports that are used:
Port | Usage |
---|---|
25 | smtp |
80 | http various |
110 | POP3 clients |
135 | RPC end point mapper |
143 | imap4 clients |
443 | SSL various |
993 | secure imap 4 clients |
995 | secure pop3 clients |
6001 | rpc related outlook anywhere |
6002 | rpc related outlook anywhere |
6003 | rpc related outlook anywhere |
60200 | rpc CAS |
60201 | exchange address book service |
What's the best way of going about this?
Do I just LB the IP addresses of the servers and ignore the ports?
Do I have to do anything special for ports 993 and 995 (secure IMAP and POP)?
I am sure there are more questions I should be asking!
08-15-2011 11:21 PM
If it is between CAS and HUB and the TMG server, or CAS and HUB to Exchange server communication, I used any ports, since they require n number of ports (since this is internal communication, I didn't find it very complex in terms of security).
There is no special requirement for secure IMAP and secure POP.
I have two different customers:
1) requires services to be specifically defined
2) doesn't require separate services; he just needs a single serverfarm with all services running.
So in the first case I have opened 993 and 995 as well, and in the second all protocols.
Both customers' requirements are running perfectly fine.
Regards,
Parvees
08-16-2011 06:25 PM
OK
So if I have a single serverfarm with all services, do I filter on the virtual
address, something like below?
class-map match-any EXCH_vip
  match virtual-address 172.16.93.2 tcp eq 25
  match virtual-address 172.16.93.2 tcp eq 80
  match virtual-address 172.16.93.2 tcp eq 110
  match virtual-address 172.16.93.2 tcp eq 135
  match virtual-address 172.16.93.2 tcp eq 143
  match virtual-address 172.16.93.2 tcp eq 443
  match virtual-address 172.16.93.2 tcp eq 993
  match virtual-address 172.16.93.2 tcp eq 995
  match virtual-address 172.16.93.2 tcp eq 6001
  match virtual-address 172.16.93.2 tcp eq 6002
  match virtual-address 172.16.93.2 tcp eq 6003
  match virtual-address 172.16.93.2 tcp eq 60200
  match virtual-address 172.16.93.2 tcp eq 60201
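
An added example, not part of the thread and not Cisco's code: a Python check that compares the `match virtual-address` lines of a class-map like the one above against the port table from the first post, and flags `any` matches that expose every port on the VIP (the "all protocols" design described in the second post). The function name, the sample configs and the 6001-6004 range line are constructed for illustration.

```python
import re

# Ports from the table in the first post (port -> usage).
EXPECTED = {25: "smtp", 80: "http", 110: "pop3", 135: "rpc endpoint mapper",
            143: "imap4", 443: "ssl", 993: "secure imap4", 995: "secure pop3",
            6001: "outlook anywhere", 6002: "outlook anywhere",
            6003: "outlook anywhere", 60200: "rpc CAS", 60201: "address book"}

# Optional leading sequence number, VIP address, optional netmask, then the rest.
MATCH_RE = re.compile(r"^\s*(?:\d+\s+)?match\s+virtual-address\s+(\S+)"
                      r"(?:\s+(\d+\.\d+\.\d+\.\d+))?\s+(.*)$")

def audit_class_map(config, expected=EXPECTED):
    """Compare a class-map's VIP match lines with the expected port list."""
    wildcards, unparsed, seen = [], [], set()
    for line in config.splitlines():
        m = MATCH_RE.match(line)
        if not m or not m.group(3).split():
            continue
        tokens = m.group(3).split()
        try:
            if tokens[-1] == "any":        # "any" or "tcp any": all ports open
                wildcards.append(line.strip())
            elif "eq" in tokens:
                seen.add(int(tokens[tokens.index("eq") + 1]))
            elif "range" in tokens:
                i = tokens.index("range")
                seen.update(range(int(tokens[i + 1]), int(tokens[i + 2]) + 1))
            else:
                unparsed.append(line.strip())
        except (ValueError, IndexError):   # named port (e.g. "eq www") or cut-off line
            unparsed.append(line.strip())
    return {"wildcards": wildcards,
            "unexpected": sorted(seen - set(expected)),
            "missing": sorted(set(expected) - seen),
            "unparsed": unparsed}

# Constructed samples: the per-port class-map as posted, an all-ports variant,
# and a variant whose range is one port wider than the table.
POSTED = "class-map match-any EXCH_vip\n" + "".join(
    f"  match virtual-address 172.16.93.2 tcp eq {p}\n" for p in EXPECTED)
ALL_PORTS = "class-map match-any EXCH_vip\n  2 match virtual-address 172.16.93.2 any\n"
WIDE_RANGE = POSTED + "  match virtual-address 172.16.93.2 tcp range 6001 6004\n"

if __name__ == "__main__":
    for name, cfg in [("posted", POSTED), ("all-ports", ALL_PORTS), ("wide", WIDE_RANGE)]:
        print(name, audit_class_map(cfg))
```

Run against a saved copy of the context's running configuration, an empty result in all four fields means the VIP exposes exactly the ports in the table.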