[ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 7 Jul 2006 15:52:06 -0300

True, but it's very close.

S

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mathieu CHATEAU
Sent: Friday, July 07, 2006 2:55 PM
To: Tom Shinder
Cc: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

 

http://www.msexchange.org
------------------------------------------------------- 

Hello Thomas,

 

As far as I know, ISA 2006 is not in a production version.

Interesting information anyway.

 

cheers,

Mathieu CHATEAU

 

Friday, July 7, 2006, 7:42:23 PM, you wrote:

 

> In ISA 2006, you can use specific LDAP servers and then filter on a
> string, such as the string for the log on domain. Very cool.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls

 

 

 

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Wednesday, July 05, 2006 7:44 PM
To: Mathieu CHATEAU
Cc: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

 

Hi Mathieu,

 

You could use RADIUS proxy in order to forward to the correct RADIUS
server.

 

HTH,

Tom

 

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

 

 

________________________________

From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]
Sent: Tuesday, July 04, 2006 12:20 PM
To: Thomas W Shinder
Cc: exchangelist@xxxxxxxxxxxxx
Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

 

Hello Thomas,

 

The problem is how ISA will find the good exchange to send the user to.

And what happens if user A exists in both? :)

As I said before, there is no domain trust.

I finally came up with two DNS, each pointing to a different AD+Exchange.

 

thanks,

Mathieu CHATEAU

 

 

Tuesday, July 4, 2006, 6:56:19 PM, you wrote:

 

> Or with ISA 2006 firewalls, you can use LDAP authentication.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls

 

 

 

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Sunday, July 02, 2006 12:29 AM
To: Mathieu CHATEAU
Cc: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

 

Using webmail.domain.tld & webmail2.domain.tld requires separate certs
unless you go with a wildcard *.domain.tld cert.

 

You'll have to use a RADIUS server per listener; this way, you can
separate them to each domain.

 

 

________________________________

From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]
Sent: Sat 7/1/2006 2:13 PM
To: Jim Harrison
Cc: exchangelist@xxxxxxxxxxxxx
Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

 

Hello Jim,

Thanks for your answer!

I have many IPs but the cert is just for one FQDN...

Do you mean that RADIUS will find in which AD the user exists and then
redirect him to the good exchange?

 

cheers,

Mathieu CHATEAU

               

Saturday, July 1, 2006, 5:10:45 PM, you wrote:

 

JH> How many external IPs do you have to work with?
JH> If you have more than one, the multiple cert idea will work.
JH> Otherwise, you're going to have to use a wildcard cert on the ISA itself.

JH> Regarding the user auth, all you need to do is use RADIUS for the non-trusted AD.
JH> FBA can resolve accounts with RADIUS jes' fine, jes' fine...

JH> Make sure you have SP2 and the 916106 rollup installed and take a read here:
JH> http://support.microsoft.com/kb/884560

 

JH> -------------------------------------------------------
JH>    Jim Harrison
JH>    MCP(NT4, W2K), A+, Network+, PCG
JH>    http://isaserver.org/Jim_Harrison/
JH>    http://isatools.org
JH>    Read the help / books / articles!
JH> -------------------------------------------------------

JH> -----Original Message-----
JH> From: exchangelist-bounce@xxxxxxxxxxxxx
JH> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mathieu CHATEAU
JH> Sent: Saturday, July 01, 2006 04:07
JH> To: exchangelist@xxxxxxxxxxxxx
JH> Subject: [ExchangeList] ISA 2004 as OWA FE and multiple domains

 

JH> Hello exchangelist,

JH> I am looking for a temporary solution.
JH> Here is the setup:
JH> One ISA 2004 acting as reverse proxy.
JH> One AD with exchange 2003
JH> One AD with exchange 2003.

JH> I must provide OWA & ActiveSync access to users in both domains from the ISA 2004.
JH> There isn't domain trust between domains up to now.

JH> I am thinking about doing something like:
JH> webmail.XXX.com/Exchange/
JH> webmail.XXX.com/Exchange2/

JH> or:
JH> webmail.XXX.com/Exchange/
JH> webmail2.XXX.com/Exchange/

JH> The second looks much easier, but I only have one SSL
JH> certificate, so would have to self generate for webmail2.

JH> I need a temporary workaround, all users will be in one AD in a month.

JH> I am using form-based on ISA.

JH> Thanks in advance!
JH> Mathieu CHATEAU
JH> http://lordoftheping.blogspot.com

 

 

 


--

Best regards,

 Mathieu                            mailto:gollum123@xxxxxxx

 


-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx
