Exchange 2007 and Cisco PIX 515e TLS Question

  • Exchange 2007 and Cisco PIX 515e TLS Question

    Hi, everyone!

    I have a question about Exchange 2007 TLS Secure connections.

    I have an Edge Server in the Cisco PIX 515e (PIX OS v7.x) DMZ network, and a Hub Transport Server INSIDE.

    When esmtp inspect is enabled on the PIX, TLS connections work incorrectly, because esmtp inspect strips out any non-ESMTP commands.

    Disabling esmtp inspect may be a solution, but this exposes the server banner, supported commands, etc. to everyone who is OUTSIDE, and in my opinion this is no good because it is less secure.

    Would you recommend leaving everything as is, or is it perhaps possible to change the Hub-Edge server authorization methods?

  • #2
    Re: Exchange 2007 and Cisco PIX 515e TLS Question

    That option is just like fixup SMTP on the previous versions of PIX. It got in the way and caused more problems than it is worth.
    Disable it. The banner does no harm.
    While it opens the commands supported, there is very little you can do about that. If someone gets into a position where that information is of use, then you have bigger things to worry about.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    • #3
      Re: Exchange 2007 and Cisco PIX 515e TLS Question

      Thanks for the answer. Yes, smtp fixup gave me some headaches in the past, and esmtp inspect is very limited too.
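
An added example, not part of the original thread: a check that parses an EHLO reply and reports whether STARTTLS is still advertised, which is how the stripping described above shows up on the wire. Both replies are constructed samples, and the X-masking in the filtered one is an assumption about how the inspection rewrites keywords it does not allow.

```python
import re

# Constructed EHLO reply as seen when talking to the server directly.
DIRECT = (
    "250-edge.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250-X-ANONYMOUSTLS\r\n"
    "250 8BITMIME\r\n"
)
# Constructed reply through the inspecting firewall. Assumption: keywords
# the inspection does not allow are overwritten with X characters.
FILTERED = (
    "250-edge.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-XXXXXXXX\r\n"
    "250-XXXXXXXXXXXXXX\r\n"
    "250 8BITMIME\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return the extension keywords from a multi-line 250 reply (RFC 5321)."""
    keywords = []
    for i, line in enumerate(reply.splitlines()):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected reply line: {line!r}")
        if i > 0 and m.group(3):      # line 0 is the greeting, not an extension
            keywords.append(m.group(3).split()[0].upper())
        if m.group(2) == " ":         # a space after the code ends the reply
            break
    return keywords

def assess(reply):
    """Summarise whether TLS can be negotiated and which keywords look masked."""
    kws = parse_ehlo(reply)
    masked = [k for k in kws if set(k) == {"X"}]
    return {"starttls": "STARTTLS" in kws, "masked": masked, "keywords": kws}

if __name__ == "__main__":
    for name, reply in (("direct", DIRECT), ("filtered", FILTERED)):
        print(name, assess(reply))
```

Comparing the result for a session from OUTSIDE with one taken on the server's own segment shows whether the firewall, rather than Exchange, is removing the TLS offer.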
