Publishing Exchange 2010 CAS from LAN

    Question

  • Our company N/W policy doesn't permit publishing the LAN CAS to the Internet directly. We have to put the CAS server in the DMZ, and then we can publish it over the Internet. I know that CAS in the DMZ is not recommended, but we have to deal with our company policy.

    It leads us to port issues between the DMZ CAS and the LAN Exchange servers, as we cannot open any-any from DMZ to LAN and vice versa.

    We have Juniper firewall configured. There is no plan to use ISA or TMG.

    Is there any way to publish LAN CAS to internet using DMZ? If required I can setup a server in DMZ for forwarding requests to LAN CAS server.

    My required scenario is:

    Request from Internet --> DMZ (from DMZ request would be forwarded to LAN CAS server) --> LAN CAS server

    Any help/recommendations would be appreciated.

     

    Friday, October 08, 2010 10:52 AM

Answers

  • It is not a supported configuration to locate the CAS server in the DMZ.  To be supported, you will need to implement a reverse proxy server (TMG or ISA) and publish the internal CAS.
    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
    • Marked as answer by Gen Lin Friday, October 15, 2010 2:37 AM
    Friday, October 08, 2010 1:20 PM
  • Hi

    Publishing of CAS should be done with ISA/TMG

    You can always port forward HTTPS (443) to the CAS server if you want to publish OWA/EAS/OA but it's recommended to use TMG for a secure publishing


    Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog
    • Marked as answer by Gen Lin Friday, October 15, 2010 2:37 AM
    Saturday, October 09, 2010 9:51 AM

All replies

  • Dear Pandey,

    I have come across this scenario before. The only concern is the dynamic RPC ports problem, where it dynamically allocates from a range of 1024-65536 TCP ports. In this case, you may restrict the RPC ports by referring to the following KB.

    http://support.microsoft.com/kb/154596

    Friday, October 08, 2010 11:20 AM
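
The registry change that KB 154596 describes, as an added PowerShell example that is not part of the original thread. The port range 5000-5100 and the parameter names are constructed sample values; with a fixed range in place, the DMZ-to-LAN firewall rule for RPC can be narrowed to the endpoint mapper (TCP 135) plus that range instead of the whole dynamic range.

```powershell
# Added example: pin the RPC dynamic port range as described in KB 154596.
# 5000-5100 is a constructed sample range, not a value from the thread.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [ValidateRange(1024, 65535)][int]$FirstPort = 5000,
    [ValidateRange(1024, 65535)][int]$LastPort  = 5100
)

if ($LastPort -lt $FirstPort) {
    throw "LastPort ($LastPort) must be greater than or equal to FirstPort ($FirstPort)."
}

$key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# The key does not exist by default; create it before writing values.
if (-not (Test-Path $key)) {
    if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
        New-Item -Path $key -Force | Out-Null
    }
}

# Value names and types as documented in KB 154596.
$values = @(
    @{ Name = 'Ports';                  Type = 'MultiString'; Value = [string[]]@("$FirstPort-$LastPort") },
    @{ Name = 'PortsInternetAvailable'; Type = 'String';      Value = 'Y' },
    @{ Name = 'UseInternetPorts';       Type = 'String';      Value = 'Y' }
)

foreach ($v in $values) {
    if ($PSCmdlet.ShouldProcess("$key\$($v.Name)", "Set to $($v.Value -join ',')")) {
        New-ItemProperty -Path $key -Name $v.Name -PropertyType $v.Type -Value $v.Value -Force | Out-Null
    }
}

# Show what is now configured so it can be matched against the firewall rule.
if (Test-Path $key) {
    Get-ItemProperty -Path $key | Select-Object Ports, PortsInternetAvailable, UseInternetPorts
}
Write-Warning 'Restart the server for the new RPC port range to take effect.'
```

Run it with `-WhatIf` first to list the registry writes without applying them.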