Off Topic - Enabling Outside Access to email

system · September 3, 2008, 10:39am

I implemented Exchange via RPC over HTTP using ISA at my last job. It
was tricky, but we got it done and it was a HUGE help migrating external
users from POP/SMTP to Exchange. It also let them synchronize their
handheld devices with their local computers (for those whose devices
didn't have the capability to sync via cellular-Internet) and get their
data into Exchange so they *could* use the OWA interface if they wanted
to.

Implementing Exchange via RPC/HTTP doesn't mean you cannot also
implement OWA; it's great to have both (for the reason stated above,
among others). If you want to quickly implement just OWA, you can set
it using HTTP only and not require HTTPS, meaning you don't need to buy
a signed certificate. If people like it, make the investment in the
cert, switch to HTTPS, and then you can enable forms-based
authentication, which will give you a (customizable) interface for
entering credentials, instead of using the boring/bland standard gray
Windows authentication pop-up box.

ISA server makes publishing the OWA site pretty straight-forward - it's
almost as easy as clicking "Next" a few times and it's done.

--Ari

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of clark_scott_l
Sent: Wednesday, September 03, 2008 9:02 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Off Topic - Enabling Outside Access to email

You have another option if your users are permanently outside your
network. Exchange 2003/Outlook 2003 and above allow a setup called
HTTPS or RPC. This is a means to allow the users to run the full
Outlook client without a VPN connection. You would want an Exchange
consultant to set it up and leave you with directions for the client
setup, but this is working very well for our 400+ users.

Scott Clark
IT Manager
Wastequip, Inc.

--- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ,
"Darren Mann" <dmann@...> wrote:

>
> I currently have a 2003 SBS server I want to enable access to for

our

> sales staff to get their email. I am using OWA w/Exchange 2003.

The

> server has ISA 2000 running on it as well. I think I have enabled

all

> the settings on the server side to allow this but I can't seem to

find

> any information on what needs to be done to allow access from

outside my

> network. What do I need to do at the firewall (linksys VPN

router)? I

> have enabled forwarding from port 443 to my server ip. What does

my ISP

> need to do? Is this relatively secure doing it this way?
>
> Thanks,
>
> Darren Mann
> IT Manager
> Miller Products Co.
> 1015 N. Main St.
> Osceola, IA 50213
> Ph. 641-342-2103
> Fax 641-342-3222
>
>
> [Non-text portions of this message have been removed]
>

[Non-text portions of this message have been removed]

system · September 2, 2008, 10:16am

I currently have a 2003 SBS server I want to enable access to for our
sales staff to get their email. I am using OWA w/Exchange 2003. The
server has ISA 2000 running on it as well. I think I have enabled all
the settings on the server side to allow this but I can't seem to find
any information on what needs to be done to allow access from outside my
network. What do I need to do at the firewall (linksys VPN router)? I
have enabled forwarding from port 443 to my server ip. What does my ISP
need to do? Is this relatively secure doing it this way?

Thanks,

Darren Mann
IT Manager
Miller Products Co.
1015 N. Main St.
Osceola, IA 50213
Ph. 641-342-2103
Fax 641-342-3222

[Non-text portions of this message have been removed]

system · September 2, 2008, 10:24am

Darren,

When you say VPN Router, if the router is capable of VPN I would implement it. Yes it is secure and the outside user can use the full Outlook clicne configured exactly the same way you configure it internally.

Todd

From: Darren Mann
Sent: Tuesday, September 02, 2008 10:17 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Off Topic - Enabling Outside Access to email

I currently have a 2003 SBS server I want to enable access to for our
sales staff to get their email. I am using OWA w/Exchange 2003. The
server has ISA 2000 running on it as well. I think I have enabled all
the settings on the server side to allow this but I can't seem to find
any information on what needs to be done to allow access from outside my
network. What do I need to do at the firewall (linksys VPN router)? I
have enabled forwarding from port 443 to my server ip. What does my ISP
need to do? Is this relatively secure doing it this way?

Thanks,

Darren Mann
IT Manager
Miller Products Co.
1015 N. Main St.
Osceola, IA 50213
Ph. 641-342-2103
Fax 641-342-3222

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

system · September 2, 2008, 10:50pm

OWA is intended to allow email access from any public computer. To force the use of a VPN connection to use OWA would defeat its purpose since now it would require a VPN client connection to be setup on the remote computer. The only suggestion I would make is to ensure your users have a very secure password. Also instruct them to make sure they select the public computer option when they are asked for their user id and password.

If the users will only be accessing email from their own machines then I would do as Todd suggested an make them use a VPN connection and the regular Outlook Client or a POP3 client.

If you have IIS setup properly for the OWA to allow or force secure connections then port 443 should be the only port that would need to be open on your router. Be aware that the certificate that comes with Exchange to allow https is a self-signed certificate which means the users will more than likely get a certificate warning when they attempt to use https. The only way around this would be to purchase a signed certificate. There is not really a requirement to use https as you can configure IIS and OWA to allow regular http. If that is the case then you would need to open up port 80 on your Linksys router (not recommended).

I can't be sure about the settings for ISA since I have never configured or used it. I used to use the old Microsoft Proxy Server but that was not nearly as sophisticated as ISA. I am aware that ISA can also serve as a firewall. That being said, there may be some specific settings for it to allow the outside traffic to flow as well. You will need to go through its settings to make that determination.

There should not be anything your ISP needs to do unless you need to provide a specific DNS setting. I doubt that would be necessary since you should already have the proper DNS entries to receive email through your exchange server. Your users should be able to use OWA by using https://mail.yourdomain.com/owa or something similar to that. It would need to match your DNS MX record.

Charles

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Todd Hofert
Sent: Tuesday, September 02, 2008 9:24 AM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Off Topic - Enabling Outside Access to email

Darren,

When you say VPN Router, if the router is capable of VPN I would implement it. Yes it is secure and the outside user can use the full Outlook clicne configured exactly the same way you configure it internally.

Todd

From: Darren Mann
Sent: Tuesday, September 02, 2008 10:17 AM
To: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>
Subject: [Vantage] Off Topic - Enabling Outside Access to email

I currently have a 2003 SBS server I want to enable access to for our
sales staff to get their email. I am using OWA w/Exchange 2003. The
server has ISA 2000 running on it as well. I think I have enabled all
the settings on the server side to allow this but I can't seem to find
any information on what needs to be done to allow access from outside my
network. What do I need to do at the firewall (linksys VPN router)? I
have enabled forwarding from port 443 to my server ip. What does my ISP
need to do? Is this relatively secure doing it this way?

Thanks,

Darren Mann
IT Manager
Miller Products Co.
1015 N. Main St.
Osceola, IA 50213
Ph. 641-342-2103
Fax 641-342-3222

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

________________________________
DISCLAIMER:
This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.

[Non-text portions of this message have been removed]

system · September 3, 2008, 9:48am

We also run SBS 2003 with ISA 2004. We use RWW (remote web workspace )
as wells as OWA. Both were setup using the internet and e-mail wizard,
and user wizard located under server management. Not certain about your
Linksys firewall configuration. You might try the SBS newsgroup for help
http://www.microsoft.com/smallbusiness/community/newsgroups/.

Good luck,

Dan Shallbetter

States Electric Mfg.

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Darren Mann
Sent: Tuesday, September 02, 2008 9:18 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Off Topic - Enabling Outside Access to email

I currently have a 2003 SBS server I want to enable access to for our
sales staff to get their email. I am using OWA w/Exchange 2003. The
server has ISA 2000 running on it as well. I think I have enabled all
the settings on the server side to allow this but I can't seem to find
any information on what needs to be done to allow access from outside my
network. What do I need to do at the firewall (linksys VPN router)? I
have enabled forwarding from port 443 to my server ip. What does my ISP
need to do? Is this relatively secure doing it this way?

Thanks,

Darren Mann
IT Manager
Miller Products Co.
1015 N. Main St.
Osceola, IA 50213
Ph. 641-342-2103
Fax 641-342-3222

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

system · September 3, 2008, 10:01am

You have another option if your users are permanently outside your
network. Exchange 2003/Outlook 2003 and above allow a setup called
HTTPS or RPC. This is a means to allow the users to run the full
Outlook client without a VPN connection. You would want an Exchange
consultant to set it up and leave you with directions for the client
setup, but this is working very well for our 400+ users.

Scott Clark
IT Manager
Wastequip, Inc.

--- In vantage@yahoogroups.com, "Darren Mann" <dmann@...> wrote:
>
> I currently have a 2003 SBS server I want to enable access to for
our
> sales staff to get their email. I am using OWA w/Exchange 2003.
The
> server has ISA 2000 running on it as well. I think I have enabled
all
> the settings on the server side to allow this but I can't seem to
find
> any information on what needs to be done to allow access from
outside my
> network. What do I need to do at the firewall (linksys VPN
router)? I
> have enabled forwarding from port 443 to my server ip. What does
my ISP
> need to do? Is this relatively secure doing it this way?
>
> Thanks,
>
> Darren Mann
> IT Manager
> Miller Products Co.
> 1015 N. Main St.
> Osceola, IA 50213
> Ph. 641-342-2103
> Fax 641-342-3222
>
>
> [Non-text portions of this message have been removed]
>