Also, most enterprises that support Exchange remote access use RPC over HTTPS, which is encrypted and easy to allow on the firewall.
----
Matthew Huff           | 1 Manhattanville Rd
Director of Operations | Purchase, NY 10577
OTA Management LLC     | Phone: 914-460-4039
aim: matthewbhuff      | Fax: 914-460-4139

> -----Original Message-----
> From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu]
> Sent: Thursday, November 10, 2011 7:51 AM
> To: Lasse Birnbaum Jensen
> Cc: nanog@nanog.org
> Subject: Re: Encrypted RPC and firewalling
>
> On Thu, 10 Nov 2011 09:56:51 +0100, Lasse Birnbaum Jensen said:
> > I would like to know how you guys handle encrypted rpc across firewalls.
>
> You can always just set the firewall to ban RPC in general, whether or
> not it's encrypted (while you're there, close off ports 137-139 and
> other chucklehead stuff like that), and just make the user who's
> outside the firewall VPN in. That's a nice, simple, well-understood
> configuration that almost all software and even most users can handle.
>
> (We don't actually do a big monolithic firewall box - but pretty much
> everything has an iptables ruleset loaded that says "if your source IP
> isn't inside our 2 /16s, your packets go bye bye". And there's a nice
> PPTP-based VPN solution in place that even a humanities professor
> emeritus can use ;)