Ports needed to open on CISCO ASA firewall

    Question

  • Our setup will be like this:

    Windows 2008 R2 Std --- domain controller in internal network

    Windows 2008 R2 Std --- additional domain controller in internal network

    Windows 2008 R2 Std with Exchange 2010 Std (placed in our internal network) --- (Client Access role, Mailbox role and Hub Transport role)

    Windows 2008 R2 Std with Exchange 2010 Std (placed in DMZ) --- (Edge Transport role)

    We have a Cisco ASA firewall. Now which ports will we have to open up on the Cisco firewall so that the Edge Transport server and the Hub Transport server can communicate properly?


    Monday, November 01, 2010 6:47 AM

Answers

  • Hi,

    The Edge Transport server uses custom LDAP ports. The following ports are needed for the directory synchronization:
    • LDAP: Port 50389/TCP
    • Secure LDAP: Port 50636/UDP
    • SMTP: Port 25/TCP
    • Optional: enable RDP: Port 3389/TCP

    And here is detailed information about Edge Transport server configuration:

    http://technet.microsoft.com/en-us/library/cc526574.aspx

    http://technet.microsoft.com/en-us/library/aa996562%28EXCHG.80%29.aspx

    Communication port settings for Edge Transport servers

    | Network interface | Open port | Protocol | Note |
    |---|---|---|---|
    | Inbound from and outbound to the Internet | 25/TCP | SMTP | This port must be open for mail flow to and from the Internet. |
    | Inbound from and outbound to the internal network | 25/TCP | SMTP | This port must be open for mail flow to and from the Exchange organization. |
    | Local only | 50389/TCP | LDAP | This port is used to make a local connection to ADAM. |
    | Inbound from the internal network | 50636/TCP | Secure LDAP | This port must be open for EdgeSync synchronization. |
    | Inbound from the internal network | 3389/TCP | RDP | Opening this port is optional. It provides more flexibility in managing the Edge Transport servers from inside the internal network by letting you use a remote desktop connection to manage the Edge Transport server. |

    Regards,

    Mumin CICEK | Exchange - MVP | www.cozumbilisim.com.tr | www.mumincicek.com | www.cozumpark.com
    • Proposed as answer by Mumin CICEK Monday, November 01, 2010 7:14 AM
    • Marked as answer by Frank.Wang Monday, November 08, 2010 1:47 AM
    Monday, November 01, 2010 7:13 AM
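
The port table in the answer above, written as Cisco ASA access-list entries for the internal-network-to-DMZ leg the question asks about. This is an added example, not part of the original thread. All IP addresses, ACL names and the interface names `inside` and `dmz` are constructed, and it assumes no address translation between the two interfaces. Publishing the Edge server to the Internet (outside ACL and NAT) is not shown.

```cisco
! Added example. Constructed values (not from the thread):
!   10.0.0.20      Hub Transport server, behind interface "inside"
!   10.0.0.0/24    internal network
!   10.0.0.50      admin workstation allowed to use RDP
!   172.16.0.20    Edge Transport server, behind interface "dmz"
!
! DMZ -> inside: traffic from the lower-security interface needs an
! explicit permit. Only SMTP from the Edge server to the Hub server is
! allowed in; everything else from the DMZ to the internal network is
! denied and logged before the Internet-bound SMTP permit is evaluated.
access-list DMZ_IN remark Edge to Hub mail flow (SMTP 25/TCP)
access-list DMZ_IN extended permit tcp host 172.16.0.20 host 10.0.0.20 eq 25
access-list DMZ_IN remark Nothing else from the DMZ into the internal network
access-list DMZ_IN extended deny ip any 10.0.0.0 255.255.255.0 log
access-list DMZ_IN remark Edge to Internet mail flow (SMTP 25/TCP)
access-list DMZ_IN extended permit tcp host 172.16.0.20 any eq 25
access-group DMZ_IN in interface dmz
!
! inside -> DMZ: with no ACL bound to "inside", the ASA already permits
! traffic toward the lower-security dmz interface. If an ACL is bound
! to "inside", it ends in an implicit deny, so add these entries to it
! (INSIDE_IN stands for that existing ACL; no access-group line is
! given here because binding a new ACL would block all other traffic).
access-list INSIDE_IN remark Hub to Edge mail flow (SMTP 25/TCP)
access-list INSIDE_IN extended permit tcp host 10.0.0.20 host 172.16.0.20 eq 25
access-list INSIDE_IN remark Hub to Edge EdgeSync (Secure LDAP 50636/TCP)
access-list INSIDE_IN extended permit tcp host 10.0.0.20 host 172.16.0.20 eq 50636
access-list INSIDE_IN remark Optional RDP management of the Edge server
access-list INSIDE_IN extended permit tcp host 10.0.0.50 host 172.16.0.20 eq 3389
!
! 50389/TCP (local ADAM connection) is "Local only" in the table, so it
! gets no firewall entry on any interface.
```

The entries use 50636/TCP as listed in the table. Any other flows the Edge server needs that the thread does not mention have to be added before `DMZ_IN` is bound.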