Publishing Exchange 2010 CAS from LAN
Our company N/W policy doesn't permit to publish LAN CAS to Internet directly. We have to put CAS server in DMZ and than we can publish them over Internet. I know that CAS in DMZ is not recommended but we have to deal with our company policy.
It leads us to port issues between DMZ CAS and LAN exchange servers as we can not open any-any from DMZ to LAN and viceversa.
We have Juniper firewall configured. There is no plan to use ISA or TMG.
Is there any way to publish LAN CAS to internet using DMZ? If required I can setup a server in DMZ for forwarding requests to LAN CAS server.
My required scnearion is:
Request from Internet --> DMZ (from DMZ request would be forwarded to LAN CAS server) --> LAN CAS server
Any help/recommendations would be appreciated.
October 8th, 2010 6:54am
Dear Pandey,
I have came accross this scenario before, the only ports that we all concern is the dynamic rpc ports problem which it dynamically allocate a range of 1024-65536 tcp ports. In this case, you may restrict the RPC ports by refering to the following KB.
http://support.microsoft.com/kb/154596
Free Windows Admin Tool Kit Click here and download it now
October 8th, 2010 7:22am
It is not a supported configuration to locate the CAS server in the DMZ. To be supported, you will need to implement a reverse proxy server (TMG or ISA) and publish the internal CAS.
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
October 8th, 2010 9:21am
Hi
Publishing of CAS should be done with ISA/TMG
You can always port forward HTTPS (443) to the CAS server if you want to publish OWA/EAS/OA but it's recommended to use TMG for a secure publishingJonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog:
http://www.testlabs.se/blog
Free Windows Admin Tool Kit Click here and download it now
October 9th, 2010 5:53am