You can pass HTTP-SSL only through to the internal network, also a security issue but a different one. Any other alternatives of which I am aware are variations of these.
Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 11, 2002 1:49 AM To: Exchange Discussions Subject: Exchange 2000 OWA Configuration Advice Hello all. I am wanting to implement OWA for 2 clients who are both housed in the same Data Center environment. Each has their own internal network and both connect to the Internet via the same DMZ. There is a firewall between the DMZ and each client and a Firewall between the DMZ and the Internet. I have reviewed the MS information regarding how they recommend this be done and have performed my own initial testing. The 2 Solutions I can see are : 1. Configure a Front-end Exchange 2000 server in the DMZ and have it talk to the Back-end Exchange Server on the Client network. This requires opening a number of ports on the DMZ to Client Network Firewall, including RPC, NetBIOS, Kerberos, LDAP and DNS. This seems to me to be a security issue. 2. Configure an ISA server in the DMZ as a Reverse Proxy to the Exchange Server within the Client Network. This requires opening only Port 80 or 443 (or both) between the DMZ and Client Network. This seems a more secure option and would allow for multiple clients to be served by the one server. I am sure many organisations have already done this and would prefer not to re-invent the wheel (so to speak). Are the solutions above the only options? Is there a better solution I don't know about? We are concerned about security and want to ensure that the environment is secure as possible. Does anyone know of specific precautions we can take in this area? Thank you in advance for any information you can pass on. If this question (or similar) has been answered before, please point me to that. Cheers, James. James Turner Senior Support Specialist KAZ Computer Services 118 Bennett Street East Perth, WA 6004 Australia A subsidiary of KAZ Group Limited - visit our web site at http://www.kaz.com.au _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
