[ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

  • From: Mathieu CHATEAU <gollum123@xxxxxxx>
  • To: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • Date: Tue, 4 Jul 2006 19:20:11 +0200

http://www.msexchange.org -------------------------------------------------------

Hello Thomas,


the problem is how ISA will find the good exchange to send the user to.

And what happens if user A exist in both ? :)


As I said before, there is no domain trust.


I finally come with two DNS, each poiting to a different AD+Exchange


thanks,

Mathieu CHATEAU



Tuesday, July 4, 2006, 6:56:19 PM, you wrote:


>

Or with ISA 2006 firewalls, you can use LDAP authentication.

 

Thomas W Shinder, M.D.

Site: www.isaserver.org

Blog: http://blogs.isaserver.org/shinder/

Book: http://tinyurl.com/3xqb7

MVP -- ISA Firewalls

 




From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison

Sent: Sunday, July 02, 2006 12:29 AM

To: Mathieu CHATEAU

Cc: exchangelist@xxxxxxxxxxxxx

Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains


Using webmail.domain.tld & webmail2.domain.tld requires separate certs unless you go with a wildcard *.domain.tld cert.

 

You'll have to use a RADIUS server per listener; this way, you can separate them to each domain.




From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]

Sent: Sat 7/1/2006 2:13 PM

To: Jim Harrison

Cc: exchangelist@xxxxxxxxxxxxx

Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains


Hello Jim,

                *

thanks for your answer !


i have many ip but the cert is just for one FQDN...


Do you mean that radius will find in which AD the user exist and then

redirect him to the good exchange ?


cheers,

Mathieu CHATEAU

               

Saturday, July 1, 2006, 5:10:45 PM, you wrote:


JH> http://www.msexchange.org

JH> -------------------------------------------------------How many

JH> external IPs do you have to work with?

JH> If you have more than one, the multiple cert idea will work.

JH> Otherwise, you're going to have to use a wildcard cert on the ISA itself.


JH> Regarding the use auth, all you need to do is use RADIUS for the non-trusted AD.

JH> FBA can resolve accounts with RADIUS jes' fine, jes' fine...


JH> Make sure you have SP2 and the 916106 rollup installed and take a read here:

JH> http://support.microsoft.com/kb/884560


JH> -------------------------------------------------------

JH>    Jim Harrison

JH>    MCP(NT4, W2K), A+, Network+, PCG

JH>    http://isaserver.org/Jim_Harrison/

JH>    http://isatools.org

JH>    Read the help / books / articles!

JH> -------------------------------------------------------

JH> 


JH> -----Original Message-----

JH> From: exchangelist-bounce@xxxxxxxxxxxxx

JH> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mathieu CHATEAU

JH> Sent: Saturday, July 01, 2006 04:07

JH> To: exchangelist@xxxxxxxxxxxxx

JH> Subject: [ExchangeList] ISA 2004 as OWA FE and multiple domains


JH> http://www.msexchange.org

JH> -------------------------------------------------------Hello exchangelist,



JH> I am looking for a temporary solution.

JH> Here is the setup:

JH> One ISA 2004 acting as reverse proxy.

JH> One AD with exchange 2003

JH> One AD with exchange 2003.


JH> I must provide OWA & ActiveSync access to users in both domain from the ISA 2004.

JH> There isn't domain trust between domains up to now.


JH> I am thinking about doing something like:

JH> webmail.XXX.com/Exchange/

JH> webmail.XXX.com/Exchange2/


JH> or:

JH> webmail.XXX.com/Exxchange/

JH> webmail2.XXX.com/Exchange/


JH> The second looks much easier, but i only have one SSL

JH> certificate, so would have to self generate for webmail2.



JH> I need a temporary workaround, all users will be in one AD in a month.


JH> I am using formbased on ISA.


JH> Thanks in advance !

JH> Mathieu CHATEAU

JH> http://lordoftheping.blogspot.com




JH> -------------------------------------------------------

JH> List Archives: http://www.freelists.org/archives/exchangelist/

JH> MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp

JH> MSExchange Articles and Tutorials:

JH> http://www.msexchange.org/articles_tutorials/

JH> MSExchange Blogs: http://blogs.msexchange.org/

JH> -------------------------------------------------------

JH> Visit TechGenix.com for more information about our other sites:

JH> http://www.techgenix.com

JH> -------------------------------------------------------

JH> To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp

JH> Report abuse to listadmin@xxxxxxxxxxxxxx



JH> All mail to and from this domain is GFI-scanned.


JH> -------------------------------------------------------

JH> List Archives: http://www.freelists.org/archives/exchangelist/ 

JH> MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp

JH> MSExchange Articles and Tutorials:

JH> http://www.msexchange.org/articles_tutorials/

JH> MSExchange Blogs: http://blogs.msexchange.org/

JH> -------------------------------------------------------

JH> Visit TechGenix.com for more information about our other sites:

JH> http://www.techgenix.com

JH> -------------------------------------------------------

JH> To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp

JH> Report abuse to listadmin@xxxxxxxxxxxxxx





--

Best regards,

 Mathieu                            mailto:gollum123@xxxxxxx


All mail to and from this domain is GFI-scanned.





-- 

Best regards,

 Mathieu                            mailto:gollum123@xxxxxxx

------------------------------------------------------- List Archives: http://www.freelists.org/archives/exchangelist/ MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/ MSExchange Blogs: http://blogs.msexchange.org/ ------------------------------------------------------- Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------- To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: