Cisco Secure Email Support Community

B. BELHADJ
Enthusiast

Configure authentication between IronPort vESA and MS Exchange 2010

Hi,

I recently configured my vESA as a relay for outgoing mail for my internal Exchange 2010 server. When I set authentication to "none" in the "Configure Smart Host Authentication settings" window of my Exchange 2010 Management Console, all is good: I can send mail and I can see it in my vESA.

For security purposes, I would like to secure communications between the vESA and MS Exchange 2010 with authentication. What type of configuration do you recommend? And how can I do it?

Best regards.

Philip D'Ath
Advisor

Don't do that unless you like pain.

If you really want to secure it use TLS, but you will need to put a valid certificate on both the Exchange server and the vESA appliance.

Thank you p.dath for your reply,

If I would like to secure it with TLS, how can I configure this?

Do I have to generate a certificate from a CA (for example, AD) and install the certificate on the vESA and the mail server?

If yes, where do I configure TLS (on both sides)?

Best regards.

Is your internal AD domain a "public" domain, or a private one (ending in .local, for example)?

Typically I get a wildcard certificate for the external public domain. I then load this into ESA and the Exchange server (and use it for the WebMail/ActiveSync on Exchange, etc). Then you have one certificate used for securing everything. Makes it much easier when you roll the certificates as well - write down the procedure as you do it so when you roll the certificates you don't have to learn how to do it again.


Thank you so much p.dath for your reply.

Best regards.
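
The public-versus-private domain question in the thread bears on whether one wildcard certificate can cover both hosts: a TLS client only accepts a wildcard for names exactly one label below it. The check below is an added example, not part of the original thread; the certificate dict and every hostname in it are constructed sample values.

```python
# Added example (not from the thread). All hostnames and the certificate
# below are constructed sample values.

def san_dns_names(cert):
    """DNS entries from a certificate dict shaped like the return value of
    ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Wildcard matching as TLS clients apply it (RFC 6125): '*' must be the
    whole leftmost label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage(cert, hostnames):
    """Map each hostname to the SAN entry that covers it, or None."""
    sans = san_dns_names(cert)
    return {h: next((s for s in sans if name_matches(s, h)), None) for h in hostnames}


# Constructed wildcard certificate for a public domain.
SAMPLE_CERT = {"subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}
# Constructed names the two servers might use to reach each other.
SAMPLE_NAMES = [
    "esa.example.com",          # name Exchange uses as its smart host
    "mail.example.com",         # Exchange name under the public domain
    "exch01.corp.local",        # private AD name
    "exch01.corp.example.com",  # two labels below the wildcard
]

if __name__ == "__main__":
    for host, san in coverage(SAMPLE_CERT, SAMPLE_NAMES).items():
        print(f"{host:26} {'covered by ' + san if san else 'NOT covered'}")
```

Any name reported as not covered needs either a DNS name under the public domain or its own SAN entry before certificate verification on that connection can succeed.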