Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
4
Replies

PIX 515 Configuration for Windows 2000 AD, Exchange 2000, OWA and VPN

sanjay1973
Level 1
Level 1

‎06-16-2003 09:06 AM - edited ‎02-21-2020 12:36 PM

Hi,

we just got PIX 515 with 4 ethernet intefaces, one port connected with VPN 3005, 2nd would be assigned for dmz with Exchange 2000 Server (OWA setup on same machine), third port connected to CAT 2950 for LAN with Windows 2000 server with AD and local DNS, fourth port connected to the edge router for interent access.

Can any one suggest me to what ports need to be opened so that the local and outside users can check there email using MS outlook and Outlook Web access. the remote users wud be coming thru the VPN and LAN users wud come locally...

Or if there is some documentation , some one can refer me that..

thanx.

Labels:
0 Helpful
4 Replies 4

mostiguy
Level 6
Level 6

‎06-16-2003 06:12 PM

Putting E2k on a DMZ is damn near impossible. It needs to have a ton of ports opened between it and the internal network.

You need to allow all tcp traffic from anywhere to port 25 of your mailserver for smtp (to receive email). OWA is simply tcp http, but you should block http and only allow https. Self sign a certificate to enable SSL.

You only want to allow remote users to check email via OWA or via a VPN. To allow the full outlook client to access exchange through the firewall requires opening way too many ports. Thus, a vpn should be required, and OWA the only allowed method directly through the firewall.

0 Helpful

sanjay1973
Level 1
Level 1
In response to mostiguy

‎06-17-2003 08:43 AM

I only have one Exchange server, wud you recommend to put inside the network along with the other LAN computer and implementing SSL for OWA.

please adivse,

0 Helpful

wolfrikk
Level 3
Level 3
In response to mostiguy

‎07-15-2003 06:39 AM

I am not sure what size organization this is for, but one option is to user front end and back end servers for Exchange. This requires Exchange 2000 Enterprise, but it allows you to put the front end server in the DMZ and it can accept and send your external mail. Enterprise edition of Exchange 2000 is not cheap, so this may not be an option.

0 Helpful

tcavdar
Level 1
Level 1

‎06-16-2003 09:29 PM

Here is a good documentation for owa,for all possible firewall scenarios..

http://microsoft.com/downloads/details.aspx?FamilyId=911D42C0-17D0-4C31-BF66-9A95CFACF9BB&displaylang=en

The minimum port you have to open:

TCP 389,UDP 389,TCP 3268,TCP 80,TCP 88,UDP 88,TCP 135,TCP 1600 between exchange and acive directory...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents