I've done this successfully several times. Your access lists look good for
client logins, server RPC, etc.
The bridgehead scenario is certainly not required, especially in a smaller
environment where you may only really need just 1 box. A bridgehead in this
case is an MS term and not really related to PIX security. Cisco is just
making a suggestion for placement of the bridgehead.
Rik
-----Original Message-----
From: J Roysdon [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 01, 2001 2:00 AM
To: [EMAIL PROTECTED]
Subject: Re: pix and MS Exchange
Bridgehead is just the term for the first Exchange server, which must be
replaced/moved if you are going to bring that server offline. It controls
"routing" decisions. I suggest reading up a bit more at MS's TechNet site.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
"ipguru" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I am installing a 515pix. I am going to hang a Exchange server off one
> of the four interfaces. I have seen the page cisco has about the
> bridgehead server, but these guys just blew their wad on the pix (:-),
> they don't want to buy another server and another exchange. The inside
> is higher so I shouldn't have to do anything to allow users to get to
> the server, but coming back into the inside from dmz1..this is what I
> have:
> access-list exchange permit tcp 192.168.1.0 host 192.168.20.2 eq 139
> access-list exchange permit udp 192.168.1.0 host 192.168.20.2 eq 137
> access-list exchange permit udp 192.168.1.0 host 192.168.20.2 eq 138
> access-list exchange permit tcp 192.168.1.0 host 192.168.20.2 eq 135
>
> The inside is 192.168.1.0 network. The dmz1(mail) is 192.168.20.0, with
> the exchange server being 192.168.20.2.
>
> Anyone done this without the bridgehead?
>
> thanks,
> ipguru
> **As Marvin Gaye said-Let's Get it On!
>
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
,
This mail was processed by Mail essentials for Exchange/SMTP,
the email security & management gateway. Mail essentials adds
content checking, email encryption, anti spam, anti virus,
attachment compression, personalised auto responders, archiving
and more to your Microsoft Exchange Server or SMTP mail server.
For more information visit http://www.mailessentials.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
