none
Can we setup IPSec between exchnage on-premises and exchnage online in hybrid? RRS feed

  • Question

  • We have deployed exchange hybrid with office 365 and planning to deploy IPSec in order to get an extra layer of encryption between on premises exchange and office 365.

    I this feasible? If yes how we can do this?

    Thursday, June 27, 2019 2:40 AM

All replies

  • It seems like overkill to me since you can restrict the connecting IP addresses in your firewall to the EOP addresses, the hybrid connector requires your certificate for connection, and all traffic goes over encrypted TLS.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thursday, June 27, 2019 4:08 AM
    Moderator
  • Thank you for your response Ed,

    As far as I know we can deploy IPSec in order to encrypt the data flow between exchange on-premises and exchange online. However I am also aware that we can restrict the IP's is our firewall.

    I wanted to know if it will have any effect  on the flow of data between cloud and on-premises if I deploy IPSec.

    And how can I deploy the same if this can be done.

    A little explaination would be helpful.

    Thanks in advance.

    Thursday, June 27, 2019 4:35 AM
  • Hi choco029,

    I cannot find any official statement related to "Using IPSec between Exchange and Office 365". I will do more research on this and it may take some time to get the answer, will let you know if there is any update.

    By the way, if you just want to encrypt the email, how about using S/MIME? Here is a blog describing this:

    How to Configure S/MIME in Office 365

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, June 28, 2019 7:21 AM
    Moderator
  • Update:

    After a further confirmation, I would say this is not possible. All the traffic is HTTP secured with TLS.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, July 1, 2019 9:44 AM
    Moderator
  • No. Not available. Exchange hybrid communication uses TLS 1.2 already encrypted, no need for IPSec and not available. 

    NOTICE: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, July 2, 2019 3:56 AM
  • Just checking in to see if above information was helpful. Please let us know if you would like further assistance.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, July 3, 2019 11:21 AM
    Moderator