[ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 4 Jul 2006 11:56:19 -0500

Or with ISA 2006 firewalls, you can use LDAP authentication.
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
        Sent: Sunday, July 02, 2006 12:29 AM
        To: Mathieu CHATEAU
        Cc: exchangelist@xxxxxxxxxxxxx
        Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple
domains
        
        
        Using webmail.domain.tld & webmail2.domain.tld requires separate
certs unless you go with a wildcard *.domain.tld cert.
         
        You'll have to use a RADIUS server per listener; this way, you
can separate them to each domain.

________________________________

        From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]
        Sent: Sat 7/1/2006 2:13 PM
        To: Jim Harrison
        Cc: exchangelist@xxxxxxxxxxxxx
        Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple
domains
        
        

        Hello Jim,
        thanks for your answer !
        
        I have many IPs but the cert is just for one FQDN...
        
        Do you mean that RADIUS will find in which AD the user exists and
        then redirect him to the good Exchange?
        
        cheers,
        Mathieu CHATEAU
                       
        Saturday, July 1, 2006, 5:10:45 PM, you wrote:
        
        JH> http://www.msexchange.org <http://www.msexchange.org/> 
        JH> -------------------------------------------------------
        JH> How many external IPs do you have to work with?
        JH> If you have more than one, the multiple cert idea will work.
        JH> Otherwise, you're going to have to use a wildcard cert on
the ISA itself.
        
        JH> Regarding the user auth, all you need to do is use RADIUS for the non-trusted AD.
        JH> FBA can resolve accounts with RADIUS jes' fine, jes' fine...
        
        JH> Make sure you have SP2 and the 916106 rollup installed and
take a read here:
        JH> http://support.microsoft.com/kb/884560
        
        JH> -------------------------------------------------------
        JH>    Jim Harrison
        JH>    MCP(NT4, W2K), A+, Network+, PCG
        JH>    http://isaserver.org/Jim_Harrison/
        JH>    http://isatools.org <http://isatools.org/> 
        JH>    Read the help / books / articles!
        JH> -------------------------------------------------------
        JH> 
        
        JH> -----Original Message-----
        JH> From: exchangelist-bounce@xxxxxxxxxxxxx
        JH> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of
Mathieu CHATEAU
        JH> Sent: Saturday, July 01, 2006 04:07
        JH> To: exchangelist@xxxxxxxxxxxxx
        JH> Subject: [ExchangeList] ISA 2004 as OWA FE and multiple
domains
        
        JH> http://www.msexchange.org <http://www.msexchange.org/> 
        JH> -------------------------------------------------------
        JH> Hello exchangelist,
        
        
        JH> I am looking for a temporary solution.
        JH> Here is the setup:
        JH> One ISA 2004 acting as reverse proxy.
        JH> One AD with exchange 2003
        JH> One AD with exchange 2003.
        
        JH> I must provide OWA & ActiveSync access to users in both domains from the ISA 2004.
        JH> There isn't a domain trust between the domains up to now.
        
        JH> I am thinking about doing something like:
        JH> webmail.XXX.com/Exchange/
        JH> webmail.XXX.com/Exchange2/
        
        JH> or:
        JH> webmail.XXX.com/Exchange/
        JH> webmail2.XXX.com/Exchange/
        
        JH> The second looks much easier, but I only have one SSL
        JH> certificate, so would have to self generate for webmail2.
        
        
        JH> I need a temporary workaround, all users will be in one AD
in a month.
        
        JH> I am using form-based on ISA.
        
        JH> Thanks in advance !
        JH> Mathieu CHATEAU
        JH> http://lordoftheping.blogspot.com
<http://lordoftheping.blogspot.com/> 
        
        
        
        JH> -------------------------------------------------------
        JH> List Archives:
http://www.freelists.org/archives/exchangelist/
        JH> MSExchange Newsletter:
http://www.msexchange.org/pages/newsletter.asp
        JH> MSExchange Articles and Tutorials:
        JH> http://www.msexchange.org/articles_tutorials/
        JH> MSExchange Blogs: http://blogs.msexchange.org/
        JH> -------------------------------------------------------
        JH> Visit TechGenix.com for more information about our other
sites:
        JH> http://www.techgenix.com <http://www.techgenix.com/> 
        JH> -------------------------------------------------------
        JH> To unsubscribe visit
http://www.msexchange.org/pages/exchangelist.asp
        JH> Report abuse to listadmin@xxxxxxxxxxxxxx
        
        
        JH> All mail to and from this domain is GFI-scanned.
        
        
        
        
        
        --
        Best regards,
         Mathieu                            mailto:gollum123@xxxxxxx
        
        

        All mail to and from this domain is GFI-scanned.
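
Added example (not part of the thread and not code from any poster): a planning check for the certificate point raised above, showing which published listener hostnames a certificate's names cover. The wildcard rule used is the common RFC 6125-style one (the "*" must be the whole leftmost label and stands for exactly one label); the function names and the sample hostnames built from the thread's webmail.domain.tld / webmail2.domain.tld are illustrative assumptions.

```python
def name_matches(cert_name: str, host: str) -> bool:
    """Return True if one certificate name covers one hostname.

    Assumed rule (RFC 6125 style): '*' is honoured only as the entire
    leftmost label and matches exactly one label, so '*.domain.tld'
    covers 'webmail2.domain.tld' but not 'domain.tld' or 'a.b.domain.tld'.
    """
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels) or "" in labels:
        return False
    if "*" in "".join(pattern[1:]):
        return False  # wildcard anywhere but the leftmost label is rejected
    if pattern[0] == "*":
        # Conservative choice: refuse wildcards directly under a TLD ('*.tld').
        return len(pattern) >= 3 and pattern[1:] == labels[1:]
    return pattern == labels


def uncovered_listeners(cert_names, listener_hosts):
    """List the listener hostnames that no name on the certificate covers."""
    return [
        host for host in listener_hosts
        if not any(name_matches(name, host) for name in cert_names)
    ]


if __name__ == "__main__":
    # Constructed sample input: the two hostnames discussed in the thread.
    listeners = ["webmail.domain.tld", "webmail2.domain.tld"]
    for label, names in [
        ("single-FQDN cert", ["webmail.domain.tld"]),
        ("wildcard cert", ["*.domain.tld"]),
    ]:
        missing = uncovered_listeners(names, listeners)
        print(f"{label}: uncovered listeners = {missing or 'none'}")
```

A hostname left uncovered needs its own certificate on a separate listener, which is the "separate certs unless you go with a wildcard" case described in the reply.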
