11-15-2001 11:40 AM - edited 03-08-2019 09:10 PM
I have a 515R, and I added the following line to my configuration
because without it Exchange doesn't work; inside clients can't connect to it.
access-list aclout permit ip any any
But some of you told me that it is a big hole in my security.
My question is:
What do you recommend?
I'm not an expert; this is my first time with a PIX!
Gdl. Mex.
Thanks a lot in advance for your time!
11-15-2001 01:55 PM
Check the port assignments at the following link:
http://cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/msexchng.htm
If the inside hosts are making the connection, the NetBIOS ports should be OK, but perhaps the established for 135 will be required for RPC.
I assume there has been no ACL applied to the inside.
11-17-2001 11:23 AM
Having Exchange in the DMZ or outside isn't the best way to do things.
You can keep Exchange inside & place an SMTP relay in the DMZ. Inbound & outbound mail pass through this SMTP relay. Some good commercial products are available, like Mail Essentials. Ref.: http://www.techarts.com/products/mailessentials2000/default.htm
If you want to keep Exchange outside or in the DMZ, you should open RPC ports, because Outlook/Exchange communications use those ports. But I don't know if it's only Outlook that initiates communications to Exchange, or both.
11-18-2001 12:56 AM
Hi,
Can you please explain where the Exchange is? Is it in the DMZ zone or in the outside zone? If it's in the DMZ zone, I will tell you the perfect solution that I have done with my Exchange 5.5 and the PIX firewall,
because, as you say, you opened a security hole on your network, and even if you use the ports to be opened in between the zones, the internal zone security will be less than 100%...
best regards
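Added example, not part of any post in this thread: a small Python audit that parses PIX-style `access-list` lines and flags permits as broad as the `permit ip any any` entry quoted in the question. The sample configuration, the addresses, the function names and the severity labels are assumptions made for illustration.

```python
# Added example: flag overly broad permits in PIX-style access-list lines.
# Constructed sample; addresses are documentation placeholders (192.0.2.0/24).
SAMPLE_CONFIG = """\
access-list aclout permit ip any any
access-list aclout permit tcp any host 192.0.2.10 eq 25
access-list aclout permit tcp 192.0.2.0 255.255.255.0 host 192.0.2.10 eq 135
access-list aclout permit ip any host 192.0.2.10
access-list aclout permit tcp 0.0.0.0 0.0.0.0 any
access-list aclout deny ip any any
"""

PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def take_addr(tok):
    """Consume one address spec: 'any', '0.0.0.0 0.0.0.0', 'host A' or 'A MASK'."""
    if tok[:1] == ["any"] or tok[:2] in (["0.0.0.0", "0.0.0.0"], ["0", "0"]):
        return "any", tok[1:] if tok[0] == "any" else tok[2:]
    if tok[:1] == ["host"]:
        return tok[1], tok[2:]
    return f"{tok[0]} {tok[1]}", tok[2:]

def take_port(tok):
    """Consume an optional port operator such as 'eq 25' or 'range 1024 2048'."""
    if tok and tok[0] in PORT_OPS:
        n = 1 + PORT_OPS[tok[0]]
        return " ".join(tok[:n]), tok[n:]
    return "", tok

def parse_rule(line):
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        return None
    try:
        src, rest = take_addr(tok[4:])
        _, rest = take_port(rest)              # optional source-port clause
        dst, rest = take_addr(rest)
        dport, _ = take_port(rest)
    except IndexError:                         # truncated or unsupported line
        return None
    return {"action": tok[2], "proto": tok[3], "src": src, "dst": dst,
            "dport": dport, "line": line.strip()}

def audit(config):
    """Return (severity, line) for each permit that is broader than one service."""
    findings = []
    for rule in filter(None, map(parse_rule, config.splitlines())):
        if rule["action"] != "permit":
            continue
        if rule["src"] == rule["dst"] == "any" and not rule["dport"]:
            findings.append(("critical" if rule["proto"] == "ip" else "high", rule["line"]))
        elif rule["proto"] == "ip" and "any" in (rule["src"], rule["dst"]):
            findings.append(("medium", rule["line"]))
    return findings
```

The audit looks at each line in isolation; which interface the list is bound to and the order of the entries still decide what traffic actually passes.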