I need to create access to a new Exchange Server. The server has 2 network cards (NICs): one with an internal IP and the other with a public IP. My network is as follows: Internet <--> Cisco Router <--> PIX 515E <--> Switch --> LAN. The Router has a public IP on the outside interface and a private IP on the inside. The PIX has private IPs on both interfaces, on different subnets.
The router and the PIX both have only 2 interface ports. I cannot create a DMZ on a separate interface.
How do I safely connect the Exchange Server to the network? Do I physically connect the cables from both NICs to the LAN? Or do I have to install a switch between the Router and the PIX and then connect the Public NIC to the switch? How do I route traffic through the Router and the PIX to the Mail Server? Thanks.
If you are not able to create a DMZ, then at any point you are at risk: either you are statically translating the Exchange Front End, which is on the INSIDE, and providing inbound access to the INSIDE from the Internet, or else you enable routing on the Exchange server and connect one NIC of the server to the public segment, bypassing the firewall, which is also a risk, because if your server is compromised your total inside network is compromised. It's better to get an interface to be used for a DMZ and place the Exchange Front End in the DMZ.