Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Adding ISA server to an existing PIX environment

I have a fully functional PIX environment utilizing the VPN and DMZ functionality of the PIX. I now have to allow Exchange traffic via the internet. I started off making our users use the vpn client to connect to our exchange server, but it does not work the majority of the time due to customer premise equipement. I am now required to implement an ISA server in order to serve up Exchange over the internet without the use of a vpn client.

Can someone advise me as the best way to implement an ISA in my current environment? My first thought is to install one nic on the the internet and the other in the dmz. Then I can still use the pix to control traffic between the dmz and the servers in the internal network.

I welcome all input. But please remember that I have to implement the ISA due to needs. If the PIX could serve up exchange data (without the need of a vpn client) I would consider that too.

Thank you in advance.

Community Member

Re: Adding ISA server to an existing PIX environment

How much of the exchange server do they need?

-Spend your money on a PIX at the other site and have a site to site VPN link, you could have the exchange server use a second ip address not on your internal range and allow access through vpn only to this. This way both networks can see it?

-Use OWA if they only need to send and receive email, ISA can even sit behind the pix as a second level of protection if needed.



Community Member

Re: Adding ISA server to an existing PIX environment

They need to Access Exchange in a MAPI environment in order to share calendars and access to public folders.

- I currently have remote PIX's (506) for our remote offices. And this configuration works great. The issue is when my user is not in a office (such as traveling or working from home).

In this situation, we have tried to deploy the vpn client (I also have a vpn concentrator) but it is VERY labor intensive to support. I cannot control the equipment that connects the user to the internet. This is the reason for looking into native internet access.

Yes they use OWA at times, but it is not feature rich enough and not very condusive to heads down working.

The question that I posted was asking if it is possible to put an ISA server behind my pix and serve up Exchange. So I guess you last bullet is what I am asking if anyone has done.

Thank you.

CreatePlease to create content