How to direct SMTP traffic to Exchange Server with 2 NICs behind a Router a

prince.ibe
Level 1

I need to create access to a new Exchange Server. The server has 2 network cards (NICs), one with an internal IP and the other with a public IP. My network is as follows: Internet <--> Cisco Router <--> PIX 515E <--> Switch --> LAN. The Router has a public IP on the outside interface and a private IP on the inside. The PIX has private IPs on both interfaces on different subnets.

The router and the PIX both have only 2 interface ports. I cannot create a DMZ on a separate interface.

How do I safely connect the Exchange Server to the network? Do I physically connect the cables from both NICs to the LAN? Or do I have to install a switch between the Router and the PIX and then connect the Public NIC to the switch? How do I route traffic through the Router and the PIX to the Mail Server? Thanks.

Accepted Solutions

indra
Level 1

If you are not able to create a DMZ, then you are at risk either way: either you statically translate the Exchange Front End, which is in INSIDE, and provide inbound access to the INSIDE from the Internet, or you enable routing on the Exchange server and connect one NIC of the server to the public segment, bypassing the firewall. That is also a risk, because if your server is compromised, your whole inside network is compromised. It's better to get an interface to be used for a DMZ and place the Exchange Front End in the DMZ.

Since I cannot install another interface on the PIX or Router to create a DMZ, what can you advise as the best practicable option here? Do I need to install a switch between the Router and the PIX?

Problem solved. I have successfully configured the router and PIX and can now send and receive mail via the Exchange server using only the internal IP (1 NIC). I got some more hints from http://www.firewall.cx/ftopict-5821.html

This person had the same scenario as me. I'll still work on getting a DMZ later for better security.
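
The single-NIC layout described in this thread (router NAT in front of a PIX static translation), sketched as an added example that is not part of the original posts and is not the poster's actual configuration. All addresses, interface names and the ACL name are constructed: 203.0.113.10 stands in for the public IP, 192.168.1.10 for a spare address on the router-to-PIX subnet, and 10.0.0.10 for the Exchange server on the LAN. The PIX lines assume pre-8.3 `static` syntax.

```cisco
! Cisco router (IOS): forward only TCP/25 arriving on the public
! address to the address the PIX answers for on the transit subnet.
interface FastEthernet0/0
 description outside (Internet) - constructed interface name
 ip nat outside
!
interface FastEthernet0/1
 description inside (to PIX outside) - constructed interface name
 ip nat inside
!
! Port-level static NAT: nothing except SMTP is forwarded inward.
ip nat inside source static tcp 192.168.1.10 25 203.0.113.10 25 extendable

! PIX 515E: port-level static translation to the Exchange server.
! 192.168.1.10 is a mapped address on the outside subnet, not the
! PIX interface address itself.
static (inside,outside) tcp 192.168.1.10 smtp 10.0.0.10 smtp netmask 255.255.255.255
!
! Permit inbound SMTP to the mapped address only; the implicit deny
! at the end of the ACL drops every other inbound connection.
access-list outside_in permit tcp any host 192.168.1.10 eq smtp
access-group outside_in in interface outside
```

Because both translations are limited to TCP port 25, the inbound exposure of the inside network is the SMTP service on that one host, which is the residual risk the accepted answer describes when no DMZ interface is available.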
