Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1667
Views
0
Helpful
4
Replies

Exchange with TMG

Go to solution
polym-polym
Level 1
Level 1

‎03-21-2016 06:47 AM

Hello.

We have two Exchange Servers 2010 with DAG. They are published by TMG. Is it possible to configure Cisco ESA (Cisco C100V) for incoming/outgoing antivirus and antispam check if we are going to continue still use TMG?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP
In response to polym-polym

‎03-22-2016 06:41 AM

One physical interface, or one logical interface(eg ip address)?  I'm going to assume you're stuck with 1 IP, and just cover getting the IPs communication working.  

In Network/Listeners create 2 listeners:

one called "Inbound", put it on port 25                <--for mail inbound to your company

one called "outbound", put it on port 26              <- for mail outbound from your company

Configure the HAT for the Outbound listener, add the IPs for your Exchange boxes.

On the Exchange boxes, set the outbound connector to send to 192.16.0.6, make sure to set it to go to port 26.

Configure the TMG to send port 25 traffic to 192.16.0.6

Set Network/SMTP Routes so the ESA knows where to send mail for your domains, leave "all other domains" as not defined

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ken Stieers
VIP
VIP

‎03-21-2016 07:50 AM

yes, and relatively easily. there are a lot of ways to do it.  Post a diagram and we can make more specific recommendations.

0 Helpful

Go to solution
polym-polym
Level 1
Level 1
In response to Ken Stieers

‎03-22-2016 12:42 AM

Thanks.

Our scheme approximately looks like this. Internal address TMG server's is the gateway for Exchange servers. All servers in the internal network, don't have DMZ. And for testing we want to use only one interface of Cisco IronPort (management interface) - is it possible?

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to polym-polym

‎03-22-2016 06:41 AM

One physical interface, or one logical interface(eg ip address)?  I'm going to assume you're stuck with 1 IP, and just cover getting the IPs communication working.  

In Network/Listeners create 2 listeners:

one called "Inbound", put it on port 25                <--for mail inbound to your company

one called "outbound", put it on port 26              <- for mail outbound from your company

Configure the HAT for the Outbound listener, add the IPs for your Exchange boxes.

On the Exchange boxes, set the outbound connector to send to 192.16.0.6, make sure to set it to go to port 26.

Configure the TMG to send port 25 traffic to 192.16.0.6

Set Network/SMTP Routes so the ESA knows where to send mail for your domains, leave "all other domains" as not defined

0 Helpful

Go to solution
polym-polym
Level 1
Level 1
In response to Ken Stieers

‎04-18-2016 04:54 AM

Thanks. All works.

0 Helpful
Customers Also Viewed These Support Documents