I think this is a pretty bad situation. The amount of exposure you have to
create between the DMZ and the LAN for this to work pretty much nullifies
the DMZ. You could rig up a VPN that is designed to only run between the Front
Exch and some kind of VPN Server that sits on the "line" between the LAN and
DMZ... the Exch would then see the LAN DCs and other Exch via the VPN.
However this means that if the Front Exch is compromised the Exch box can
provide an avenue into the LAN via the VPN just as opening up the DMZ doing
it the "other" way would have done.
I am not convinced that running two Exch's (front & back) is really very
secure, since the Front Exch has to communicate unhindered with
the Back Exch, and that seems to nullify any security it was supposed to
have provided.
I think a single Exchange properly configured, maintained, and published
from behind a Firewall will do just fine.
But that is just my opinion.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"C Emmons" <(E-Mail Removed)> wrote in message
news:609501c48198$e5f11290$(E-Mail Removed)...
> I am running Exchange 2003 SP1 on Windows Server 2003. I
> am using the Front-End/Back-End Topology. The Exchange
> Front-End passes requests for mail to the Back-End. I
> paid a consultant to come in and set up a DMZ in which the
> Front-End now resides. As far as I can see, the
> connectivity seems okay between the front and the back.
> However, the front-end server will not work. I get the
> following error:
>
> All DS Servers in domain are not responding.
>
> Outside the DMZ (IP changed back to my internal network) -
> everyone works fine between front and back.
>
> I have two Domain Controllers running Windows 2003 Server
> Enterprise (Clusters). The Exchange Server is of course
> in the domain, but is not a domain controller.
>
> Can anyone please help - I am trying to meet a deadline
> and the consultant has gone. Help much appreciated.
> C Emmons