Re: Exchange Server on Pix DMZ

r.hoover · ‎04-25-2002

Has anyone had success installing one Exchange Server on a Pix DMZ? Cisco has examples of installing two exchange boxes through a Pix, one inside, one outside but is it possible to install one exchange box on the inside? This would save on cost of duplicating servers, OS and exchange.

Thanks!

Russell

mknox · ‎04-25-2002

We have one setup with a static route from the inside IP to an outside IP address. We are running OWA and SMTP on the external static IP. Works great.

Michael

thompson · ‎04-25-2002

Just so I understand your question a little better. You want to use say OWA for remote e-mail and use it for your internal users Private and Public informations stores?

DT

gradosavljevic · ‎04-25-2002

I would do it as Michael replies (using a static/conduit), however being ever paranoid I would never allow any IP packet to pass directly from the outside to the inside of the PIX. We have somewhat the same setup except that all incomming mail is received by a "Mail Proxy" sitting on the DMZ (also configured with static/conduit). Before the mail is passed on to our Exchange Server on the inside, the Mail Proxy scans all mail for virus. I know this might be a bit expensive, but as I said when it comes to security I'm pretty paranoid.

Best regards

Goran

r.hoover · ‎04-26-2002

DT, that's exactly what we want to do. We have a NT domain, so in order to use Exchange 2000 enterprise, we have created the exchange box in it's own 2000 domain and added trusting between domains. Internal users can hit the exchange box since we have alias configured. Our concern is having too much open both on the Inside and outside to be dangerous. I would be interested in seeing Michael's config setup for this. Thanks Guys for the replies.

Russell