

Adding Outlook Web Access to LAN

By jagldg
I just started working for a company that had used an email provider to access their work email from home. They now want to discontinue this service and manage their own access to this email. Currently using Windows 2000 with Exchange 2000 for email server. There are 3 servers: a Citrix server, a W2000 application server and a file server. A Linux server acts as the firewall. There is also a Cisco router, but it is only used for connectivity. The Exchange server was set up on the application server, as was the DNS server. I don't agree with the consultant they had as to the design of adding external mail access. He feels it is best to just use the Citrix server and let them dial into their PC, but XP would be required on all PCs and this is not feasible at this time. The company does not want to use this method and would prefer the internet access. I was told that the only way is to add another Exchange server and have the IIS on that server also, and this would be set up in front of the firewall. Is this the cheapest and best way to do this?


by Jaqui In reply to Adding Outlook Web Access ...

You have a POP server.
Make sure the firewall allows remote connections to it.
Then they can just configure their home email client to check that email address as well.
Unless it's Outlook Express, as that only allows one client address.
They would have to use Thunderbird (Mozilla) to get more email addresses.
Also, I would recommend that they do not delete from the server when checking from home or elsewhere, so that company machines can have complete logs.

I would recommend against any but remote sales reps being able to do this, as the info in these emails is rightfully company data, and home systems are generally not secure at all.


by Jaqui In reply to

Any server that can be accessed from the internet is vulnerable.

If you have firewalls on the workstations as well as between the network and internet, opening the POP server to allow internet access for all is no more risk than the existing setup allowing only a few.

Just configure the POP server to allow remote access for all accounts, and the firewall to allow POP3 login and get requests through for all as well.
Since most people have DHCP, you can't restrict based on IP numbers, so the system has to allow all to access the server.
DO NOT proxy the POP server, nor allow it to be an open relay. (You get blacklisted for spam that way.)

I would not recommend putting the server outside the firewall; that is an unneeded and unacceptable risk. (Some email attachments could contain extremely sensitive [financial type] data.)
Always have an active firewall on any machine able to access the internet, or be accessed by the internet [servers]. The firewall is the last line of defense for intrusion prevention.


by jagldg In reply to Adding Outlook Web Access ...

The way it is currently set up, we have one POP3 mail address from the external mail service they were using, and then there is the internal SMTP service that we use. We currently have to set up two addresses in the PCs, one for going to the POP3 and the other for the internal server. This is what is confusing me, I guess. The firewall sits in front of all servers right now. To be able to securely access the email from home, we don't let them through the firewall, only with remote connections, and not everyone is allowed to do this. This is the issue. They want everyone to be able to access their email from home, but not the servers. Is it more secure to set up another email server in front of the firewall so the port doesn't have to be opened on the present internal server, making our servers more vulnerable? I feel like I'm missing something on this logic here and can't pinpoint it. I have checked so many different sources it became overwhelming and now confusing. So, I remembered to turn to this site. Hopefully we can figure this out.


by dustyD In reply to Adding Outlook Web Access ...

Setup the Exchange server with the accounts
To enable web access, go here:


by CG IT In reply to Adding Outlook Web Access ...

You can have a bridgehead Exchange server if you want. Pretty expensive setup.

Which Cisco router? You say it is only used for connectivity, but is it an access router?

You can allow OWA for users to Exchange; Dusty D gave you a link.

Further, you can make it secure by requiring a "higher" level of authentication like MD5.


by ManISKid In reply to Adding Outlook Web Access ...

Terminal services may need to be run from XP, but I have an inkling that the Citrix client is a download from the website that can be installed on pretty much anything, thus not requiring XP on the client computers.

As for the additional Exchange server situation, Exchange servers are set up as either front end or back end servers. One back end server is always needed (to hold the data), while the front end servers act to provide services at remote locations or to allow access to the internet for internet mail service (among other things). This provides some fault tolerance, as the back end server is less exposed to potentially harmful traffic.

There may be compatibility issues that need to be addressed, as I know that Exchange 2k3 has internet email but I don't know about 2k.

Citrix would be cheap but can get messy with additional account changes, and Exchange would require some compatibility testing with the right ADC and protocols.


by alan In reply to Adding Outlook Web Access ...

No, it's not the cheapest. The cheapest way, since OWA is installed by default on Exchange 2000/2003, is to do a port forward on your firewall to port 80 on your Exchange server, or for secure traffic you can do a private certificate store, install the cert on the Exchange server and forward 443 from your firewall/router to your Exchange server. Done. That's about all you need to do.
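
An added example, not part of any post in this thread: a Python check that reads the Linux firewall's NAT rules and flags port forwards that publish a cleartext logon (OWA on port 80, POP3 on 110) or an unexpected port to any source, leaving 443 as the only published service. It assumes the firewall uses iptables and that the rules are exported in `iptables-save` format; the rule text, interface name, addresses and the 1494 (Citrix ICA) forward are constructed for illustration.

```python
import shlex

# Constructed sample in `iptables-save` format; interface and addresses are
# made up (RFC 1918), with 192.168.1.10 standing in for the Exchange/OWA host.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.10:110
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1494 -j DNAT --to-destination 192.168.1.30:1494
COMMIT
"""

# Services that send the logon in the clear unless wrapped in TLS.
CLEARTEXT = {80: "HTTP: OWA logon sent in cleartext", 110: "POP3: password sent in cleartext"}
ALLOWED = {443}  # the only port meant to be published to any source


def parse_forwards(text):
    """Return (port, source, target) for each DNAT rule in PREROUTING."""
    forwards = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok:
            continue
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        dport = opt.get("--dport", "")
        port = int(dport) if dport.isdigit() else None  # None: range or no port match
        forwards.append((port, opt.get("-s", "any"), opt.get("--to-destination")))
    return forwards


def audit(text, allowed=ALLOWED):
    """Flag forwards that expose cleartext logons or unexpected ports to any source."""
    findings = []
    for port, source, target in parse_forwards(text):
        if port in CLEARTEXT:
            findings.append((port, target, CLEARTEXT[port]))
        elif port not in allowed and source == "any":
            findings.append((port, target, "not on the allow list, open to any source"))
    return findings


if __name__ == "__main__":
    for port, target, reason in audit(SAMPLE_RULES):
        print(f"port {port} -> {target}: {reason}")
```

Rules that use negation (`!`) or `multiport` matches are not interpreted by this parser and should be reviewed by hand.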
