Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
635
Views
0
Helpful
3
Replies

Connect to Exchange From outlook Across PIX

dana
Level 1
Level 1

‎02-20-2003 06:04 PM - edited ‎02-20-2020 10:34 PM

I am attempting to configure a PIX 520 to support connections from a low security zone to high security zone inbound to a exchange server from outlook.

I am using the NAT 0 options and have the no problem pinging, hitting the web interface on the same box, or using an IMAP client. I understand that exchange is pretty unique in its use of prots and i have configure dthe

establishes tcp 135 permitto tcp 1024-65535 option but i am drawing a blank. Connectivity still fails. Any suggestions whould be great. Thanks a bunch

0 Helpful
3 Replies 3

0rsnaric
Level 1
Level 1

‎02-20-2003 08:33 PM

We have an Exchange server and our clients connect through the PIX using Outlook.

What we did -

First, follow this link for instructions on assigning static ports to Exchange for use with client connections

http://support.microsoft.com/default.aspx?scid=kb;en-us;155831

Then, obviously, setup a static mapping from the high security interface to the low security interface for the Exchange server.

Setup ACLs for port 135, and the two ports you assign via the registry per the above link

Finally, and this is very important, make sure your clients have a means for resolving the Exchange servers host name to an ip address. With Outlook, even if you first enter the IP address into the configuration it automatically converts this to the Hostname upon first connection. You can either use lmhosts files, hosts files, or make sure your mail server has a DNS entry in your clients dns server and the client is properly configured for appending the domain suffix to DNS queries for your domain.

Hope this helps.

~rls

0 Helpful

mostiguy
Level 6
Level 6

‎02-21-2003 06:24 AM

Is there a reason you aren't doing this through a vpn? '

http://www.securityfocus.com/archive/1/296114

MS's RPC service stuff on port 135 has had a miserable security history.

0 Helpful

0rsnaric
Level 1
Level 1
In response to mostiguy

‎02-21-2003 08:04 AM

VPN's nice, but when our consultants are behind a client's firewall it's not always a viable option. And unfortunately Exchange's webaccess leaves a lot to be desired.

There are some other options, like using a relay server. But our current setup has been working great for the past two years without a hitch.

~rls

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card