For "secure" access THRU the firewall, the suggestions made by Joe are probably it (OWA or IMAP/POP thru SSL w/OE).

If you want to use the full Outlook client, there is NO SECURE way to go thru the firewall ... you would have to open up ports 135, 137, 138, 139 and whatever ports the Exchange services are using.

You can fix Exchange to use specific ports (see KB articles Q155831 and Q148732).
See KB article Q176466 for Exchange ports in general.

What we have done at a customer site who wants full Outlook access to Exchange from outside the firewall is set up a VPN that is in parallel. Trusted users can VPN in to the building and now appear to be inside ... they can run Outlook no problem.

Dave Goldsmith

---------- Original Message ----------------------------------
From: "Carson, Joe" <JCarsonat_private>
Reply-To: "Carson, Joe" <JCarsonat_private>
Date: Tue, 12 Oct 1999 14:18:39 -0400

>Dan,
>
>If you simply need client access, try Outlook Web Access using SSL. I have not heard of any issues with it "yet". It sounds like you already tunnel certain protocols into your network. You could do the SSL directly, or you could possibly tunnel the SSL connection through the SSH port redirector. There are a lot of unknowns there such as: What operating systems and SSH clients are you using, Can you get the SSH authentication front end to work with OWA, Have you looked at other VPN alternatives....
>
>If your users need the Outlook Express client, MS Exchange can encapsulate IMAP and POP3 within SSL.
>
>I strongly recommend that you research these services before implementing them within your security architecture. I only know of their availability, but have not tested them myself. Anyone else want to weigh in here?
>
>Be very careful!
>
>Joe
>
>Joe Carson CCNA, CCDA
>Senior Network Security Engineer
>Smartronix, Inc.
>
>======================================================================
>Original Message:
>
>How do folks work access to an MS Exchange server through a firewall?
>
>We are under pressure to install MS Exchange in our mixed unix/NT environment and allow access from outside our local network. I checked the archives and didn't find anything that helped me.
>
>Currently we limit outside access from the Internet to ssh to a unix host. Port forwarding makes it possible to do all of the things that have been required in the past. But now the folks on the sales side of the company want to have MS Exchange installed so they can use its calendaring and other functions.
>
>We have attempted to use the port forwarding to make Exchange work and we have also tried Lotus Notes. No luck. Maybe we have missed something. This would be our preferred approach.
>
>So we are now looking for a firewall solution to this problem. Have any of you out there encountered this problem? How did you solve it?
>
>Thanks.
>
>/dan
>--
>Dan Schlitt
>schlittat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:53 PDT