
PIX with MS Front/Back End Exchange

sleepingandrew
Level 1

Hi,

Recently I have to install a PIX with three interfaces to protect an MS Exchange system. A front end Exchange 2003 server will be placed in the DMZ. A back end Exchange 2003 server, together with the Domain Controller and Global Catalog Server, will be placed in the internal network. And these two MS Exchange servers have to be synchronized with other MS Exchange servers on other remote sites. I have done some research on this and found that so many ports have to be opened on the firewalls. Very confusing. Can anybody provide a sample PIX configuration for this? Your help is much appreciated.

Andrew

3 Replies

sleepingandrew
Level 1

Hi,

Just more information:

1) Other Exchange servers on remote sites are Exchange 5.5

2) There will be three servers in the internal network: a back end Exchange 2003 server, and two Windows 2003 Domain Controllers

Thanks

Andrew

qsi-cco
Level 1

Andrew,

I was wondering if you ever came to a solution on this. I am currently trying to set up the same configuration. Any help would be greatly appreciated.

Thanks,

Jeff

vivek_bakal
Level 1

Hi there,

It's simple stuff. I would recommend doing as follows:

Keep your Front End server in DMZ.

Configure a secure connection on it and no access but 443. Direct traffic on the SSL port coming in to the public interface IP on to the FES. Hack the registry of the various internal network servers to keep RPC to one port; this will keep you from opening lots of ports for authentication.

Let your Global Catalog server and Back end exchange server be in Internal higher security level network.

Open 389 and 3268 for LDAP and GCS communication to the internal network. DNS and AH or ESP will be needed (the latter 2 only for IP security), which depends on the mode of encryption you use.

If you are more worried about hackers on your internal subnet, then I would go for an IP security implementation for the internal and FES networks.

That's it.

Very simple.

Cheers

Vivek B Bakal
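
The rules described in the reply above, sketched as a PIX 6.x configuration. This is an added example, not part of the original thread: every address, interface name and ACL name is constructed, DNS is assumed to run on the domain controller, and only the ports the reply names are opened. The fixed RPC port is left as a commented placeholder because the thread does not state it.

```cisco
! Added example with constructed addresses (192.0.2.0/24 is a documentation range):
!   FES public address    192.0.2.10
!   FES in the DMZ        10.10.10.10
!   Back-end Exchange     10.20.20.11
!   DC / Global Catalog   10.20.20.12  (assumed to also serve DNS)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
!
! Publish the front-end server and allow only SSL (443) from outside.
static (dmz,outside) 192.0.2.10 10.10.10.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq 443
access-group outside_in in interface outside
!
! Let the DMZ reach the internal servers on their real addresses.
static (inside,dmz) 10.20.20.0 10.20.20.0 netmask 255.255.255.0
!
! LDAP (389) and Global Catalog (3268) from the FES to the DC/GC.
access-list dmz_in permit tcp host 10.10.10.10 host 10.20.20.12 eq 389
access-list dmz_in permit tcp host 10.10.10.10 host 10.20.20.12 eq 3268
!
! DNS from the FES to the internal DNS server.
access-list dmz_in permit udp host 10.10.10.10 host 10.20.20.12 eq 53
access-list dmz_in permit tcp host 10.10.10.10 host 10.20.20.12 eq 53
!
! Only when IP security is used between the FES and the internal network.
access-list dmz_in permit esp host 10.10.10.10 10.20.20.0 255.255.255.0
access-list dmz_in permit ah host 10.10.10.10 10.20.20.0 255.255.255.0
!
! Fixed RPC port set in the registry of the internal servers (placeholder,
! the thread gives no port number):
! access-list dmz_in permit tcp host 10.10.10.10 host 10.20.20.11 eq <fixed-rpc-port>
!
! Everything else from the DMZ is dropped by the implicit deny.
access-group dmz_in in interface dmz
```

Scoping each rule to the single FES host rather than the whole DMZ subnet keeps a second compromised DMZ machine from inheriting the same access to the directory servers.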
