Announcement

Collapse
No announcement yet.

Ports to open between ISA 2006 and Exchange 2003?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ports to open between ISA 2006 and Exchange 2003?

    What are the minimum ports to open up between a DMZd ISA 2006 and Exchange 2003 if the only service we wish to publish is ActiveSync.

  • #2
    Re: Ports to open between ISA 2006 and Exchange 2003?

    A Google search for "activesync ports" will show you the port numbers required, which seems to be all that you were asking for...
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Ports to open between ISA 2006 and Exchange 2003?

      Originally posted by gforceindustries View Post
      A Google search for "activesync ports" will show you the port numbers required, which seems to be all that you were asking for...
      Well yes and no. I don't need to know the external ports needed but the minimum ports passed from the ISA dmz to the exchange member server. I'm having some trouble finding some consistency.

      Also some articles say to make the ISA a member server which seems counter productive for security reasons.

      Comment


      • #4
        Re: Ports to open between ISA 2006 and Exchange 2003?

        Originally posted by eod View Post
        Well yes and no. I don't need to know the external ports needed but the minimum ports passed from the ISA dmz to the exchange member server. I'm having some trouble finding some consistency.

        Also some articles say to make the ISA a member server which seems counter productive for security reasons.
        ISA will proxy the request to the ActiveSync virtual directory on the Exchange server using either HTTP or HTTPS depending on what you configure in ISA on the bridging tab. SSL is clearly recommended seeing as ActiveSync uses Basic Authentication, you'll need an appropriate certificate on the ISA Server and the Exchange Server.

        You will find a myriad of discussions over the internet of the relative benefits of ISA Server as a domain member or not. My personal preference is that it is a member of the domain. Tom Shinder's opinion is good enough for me.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        sigpic
        Cruachan's Blog

        Comment


        • #5
          Re: Ports to open between ISA 2006 and Exchange 2003?

          the ports you need to open between the DMZ and the trusted network are completely equivalent to the listening ports on the member server.

          using a sense of logic, and knowing that ActiveSync requires ports 80 and 443, this tells me you need to allow packets destined to dest 80 and 443 of the internal network
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Ports to open between ISA 2006 and Exchange 2003?

            And that list can be found here for example,although I'm do not really like the idea of joining dmz servers to the domain.
            http://www.isaserver.org/articles/20...terdomain.html
            Basically you need ldap, Kerberos, ntp, DNS, ICMP (ping) and rpc
            Well at least if you want to know what ports are needed between your DMZ server and your internal domain.

            For external to your DMZ server use the publishing wizard if you are using NAT.

            ISA should belong to the domain. It gives you way more benefits then cons
            Last edited by Dumber; 9th July 2010, 22:40.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X