This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

How to use NAT/Basic Firewall form Routing and Remote Access in the VPN to block port 25 for workstations but exchange

Question
0

Sign in to vote

We have an Exchange Server 2000 and we are on a few blacklists. To prevent this from happening again, I would like to block outbound port 25 traffic from the workstations but obviously I would still like to be able to send out mail through our exchange server. We have a Windows 2003 Server as a VPN between the Netopia Model 4522 T1 Router and the LAN. The VPN has 2 interfaces: the public facing the router, and the private facing the LAN. I’ve tried all the possible ways to block/allow traffic thru the port 25, but I end either blocking all the traffic or nothing. I believe the problem is that there is no way for the Netopia to know what private IP form the LAN is sending: if the Exchange or a PC. Therefore, I thought to use NAT/Basic Firewall form Routing and Remote Access in the VPN. How we can configure it to do this?

Thanks in advance!

Thursday, January 7, 2010 12:06 AM

Answers

0

Sign in to vote
Hello,

Thank you for your post here.

From the description, you want to allow only port 25 traffic from the Exchange server.

It seems that you have the network such as:

Internet

|

|

|

Netopia Model 4522 T1 Router (NAT router)

|

|

|

Windows Server 2003 RRAS server (router)

|
|

|

LAN

Please understand that RRAS cannot know whether the port 25 traffic can from a client computer or the Exchange server neither. To block all port 25 traffic from the internal network expect from the Exchange server, you may consider to create ACLs/Filters to explicitly allow port 25 traffic only from the Exchange server.

If you have any questions or concerns, please do not hesitate to let us know.
- Marked as answer by Miles Li Wednesday, January 13, 2010 8:51 AM
Friday, January 8, 2010 2:47 AM