cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
173
Views
0
Helpful
4
Replies
Highlighted
Beginner

Exchange with TMG

Hello.

We have two Exchange Servers 2010 with DAG. They are published by TMG. Is it possible to configure Cisco ESA (Cisco C100V) for incoming/outgoing antivirus and antispam check if we are going to continue still use TMG?

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Collaborator

One physical interface, or

One physical interface, or one logical interface(eg ip address)?  I'm going to assume you're stuck with 1 IP, and just cover getting the IPs communication working.  

In Network/Listeners create 2 listeners:

one called "Inbound", put it on port 25                <--for mail inbound to your company

one called "outbound", put it on port 26              <- for mail outbound from your company

Configure the HAT for the Outbound listener, add the IPs for your Exchange boxes.

On the Exchange boxes, set the outbound connector to send to 192.16.0.6, make sure to set it to go to port 26.

Configure the TMG to send port 25 traffic to 192.16.0.6

Set Network/SMTP Routes so the ESA knows where to send mail for your domains, leave "all other domains" as not defined

4 REPLIES 4
Collaborator

yes, and relatively easily.

yes, and relatively easily. there are a lot of ways to do it.  Post a diagram and we can make more specific recommendations.

Beginner

Thanks.

Thanks.

Our scheme approximately looks like this. Internal address TMG server's is the gateway for Exchange servers. All servers in the internal network, don't have DMZ. And for testing we want to use only one interface of Cisco IronPort (management interface) - is it possible?

Collaborator

One physical interface, or

One physical interface, or one logical interface(eg ip address)?  I'm going to assume you're stuck with 1 IP, and just cover getting the IPs communication working.  

In Network/Listeners create 2 listeners:

one called "Inbound", put it on port 25                <--for mail inbound to your company

one called "outbound", put it on port 26              <- for mail outbound from your company

Configure the HAT for the Outbound listener, add the IPs for your Exchange boxes.

On the Exchange boxes, set the outbound connector to send to 192.16.0.6, make sure to set it to go to port 26.

Configure the TMG to send port 25 traffic to 192.16.0.6

Set Network/SMTP Routes so the ESA knows where to send mail for your domains, leave "all other domains" as not defined

Beginner

Thanks. All works.

Thanks. All works.