Thank you all for your precious advices. I will probably go VPN as it seems the best way to do it. But just for the info, can anyone reply to me concerning the ports question: If I fix the dynamic ports range of RPC communication as per article 154596, will this apply to the dynamic ports Exchange needs, or is it only for Windows NT services? Thanks again.
Best Regards Nizar El-Assaad -----Original Message----- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Posted At: Tuesday, February 18, 2003 4:41 PM Posted To: Lyris MS Exchange Discussions Conversation: Exchange Server and Firewalls Subject: Re: Exchange Server and Firewalls I was thinking exactly the same thing. Well, that and that I wouldn't be using a site connector over the Internet. On 2/18/03 8:04, "Tristan Gayford" <[EMAIL PROTECTED]> wrote: Use a VPN for this scenario every time. --------------------------------------------- Tristan Gayford Deputy Systems & Network Manager Cranfield University at Silsoe -----Original Message----- From: Nizar El-Assaad [mailto:[EMAIL PROTECTED]] Sent: 18 February 2003 09:29 To: Exchange Discussions Hello I have a Windows NT 4 domain with two Exchange Servers 5.5. The two servers are located in two different geographical sites, and connect through a Site Connector. The Exchange servers are also domain controllers. I am configuring the firewall between the two sites (they connect through the internet). I came across a lot of articles in MS Knowledge Base. In one article (154596 - Configure RPC Dynamic Port Allocation to Work with Firewall), it states that I can set a range of TCP ports over 1024 (preferably over 5000) for dynamic ports needed for RPC communication (in addition to port 135). In other articles related to Exchange server (notably the following: 176466 - TCP Ports and Microsoft Exchange: In-depth Discussion; 155831 - Setting TCP/IP ports for Exchange and Outlook Client Connections Through a Firewall; 161931 - Configuring MTA TCP/IP Port # for X.400 and RPC Listens; 148732 - Setting TCP/IP Port Numbers for Internet Firewalls), they tell you how to allocate static ports to the various Exchange services. Now the question is: If I set a range of TCP ports (say from 5000 to 5020) as stated in article 154596, and make these ports available on the firewall, will it be sufficient as all the Exchange services use RPC communication or do I still need to allocate static ports for these services? In the latter case, should these ports fall in the range that I allowed in Windows NT RPC communication or should they be outside this range? In other words, will Exchange use ports in this range or is this range restricted for Windows NT Services (DHCP, WINS, NetBIOS sessions, etc.)? Thank you for your help. Best Regards Nizar El-Assaad _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]