cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1817
Views
0
Helpful
4
Replies

Configure authentication between IronPort vESA and MS Exchange 2010

B. BELHADJ
Level 4
Level 4

Hi,

I recently configured my vESA as relay of outgoing mails for my internal exchange 2010 server. When I put "none" for authentication in the "Configure Smart Host Authentication settings" window of my Exchange 2010 Management Console all is good, I can send mails and I can see them in my vESA.

For security purpose, I would like to secure communications between the vESA and MS EXchange 2010 with authentication. What type of configuration you recommend me? And how can I do it?

Best regards.

1 Accepted Solution

Accepted Solutions

Is your internal AD domain a "public" domain, or a private one (ending in .local for example")?

Typically I get a wildcard certificate for the external public domain.  I then load this into ESA and the Exchange server (and use it for the WebMail/ActiveSync on Exchange, etc).  Then you have one certificate used for securing everything.  Makes it much easier when you roll the certificates as well - write down the procedure as you do it so when you roll the certificates you don't have to learn how to do it again.

View solution in original post

4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

Don't do that unless you like pain.

If you really want to secure it use TLS, but you will need to put a valid certificate on both the Exchange server and the vESA appliance.

Thank you p.dath for your reply,

If I would like to secure it with TLS, how I can configure this?

I have to generate Certificate from a CA (example AD) and install the certificate in the vESA and the mail server?

If yes, where I configure the TLS (in the both sides)?

Best regards.

Is your internal AD domain a "public" domain, or a private one (ending in .local for example")?

Typically I get a wildcard certificate for the external public domain.  I then load this into ESA and the Exchange server (and use it for the WebMail/ActiveSync on Exchange, etc).  Then you have one certificate used for securing everything.  Makes it much easier when you roll the certificates as well - write down the procedure as you do it so when you roll the certificates you don't have to learn how to do it again.

Thank you so much p.dath for your reply.

Best regards.