RE: Internet Access and OWA access
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 2 Aug 2005 19:31:57 -0500
Hi Troy,
Will be easy enough to put together. Looks forward to it in the next
week. I'll send a note to the list when the pre-release version is
available.
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Tuesday, August 02, 2005 3:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access and OWA access
http://www.ISAserver.org
Tom,
Do you have any docs on that? I think you mentioned it once
before and you said you might write something up.
Troy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, August 02, 2005 2:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access and OWA access
http://www.ISAserver.org
Hi Alex,
That's great! I publish must own SharePoint site using
SSL to SSL bridging and it works a treat. I even do a nice trick where
the ISA firewall is a domain member, but uses RADIUS to auth users in a
different domain :)
Have fun!
Tom
www.isaserver.org/shinder
<http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Alex Gonzalez
[mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 02, 2005 2:32 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet Access and
OWA access
Not anymore I wont but for this I unfortunatly
had too. As a matter of fact with the help you gave me I was able to
figure out how to publish an SSL sharepoint and another SSL buisness
objects site. Thanks again Tom I really appreciate all the help. Next
time I will try the full blown install of ISA.
Thanks again,
Alex
________________________________
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: Tue 8/2/2005 3:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access and OWA
access
http://www.ISAserver.org
Hi Alex,
That's great! Also good to hear no more unihomed
ISA firewalls :-)
Tom
www.isaserver.org/shinder
<http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server
2004
http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Alex Gonzalez
[mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 02, 2005 12:42 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet
Access and OWA access
Wow it's actaully working. Thanks for
all your help. I really appreciate it. And I promise not to implement
single homed again.
Alex
________________________________
From: Alex Gonzalez
[mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tue 8/2/2005 11:13 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet
Access and OWA access
Ok following your tips for setting up
the site I can hit it internally if I am proxying through the ISA server
but I can not hit it externally if I use a host file for DNS name to the
nat'd address (198 address to the 172 ISA address) of the ISA server. I
have then added to the host file on the ISA server the internal IP
address of the OWA server.
Getting closer though...
Alex
________________________________
From: Alex Gonzalez
[mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tue 8/2/2005 10:30 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet
Access and OWA access
Why is the DNS server on a different
Network ID? There is no DNS in the DMZ
Are there Networks behind the ISA
firewall? The ISA server sits in a DMZ so yes.
Does the default gateway provide a path
to both the Internet *and* the OWA server? From the ISA server I can get
to the OWA server and the Internet but as far as a path, are you talking
about like a layer 3 route?
IP? Is this what appears on the "To"
tab? If so, this won't work. The entry on the "To" tab must be same as
the common/subject name on the Web site certificate bound to the OWA
site. Ok this I can change. That means I need to create an internal
host record for it then correct?
So the listener is listening on this
address only, right? Yes. There is a firewall NAT from a 198 address
that nats to this.
Use Forms-based authentication or Basic
auth. FBA is more secure and you should use it whenever publishing an
OWA site. Remember to turn off FBA on the Exchange Server. Ok this I
can change but how is ISA going to get the OWA FBA form?
If the ISA firewall is a domain member,
or if you have a RADIUS server on the corpnet, then you can
pre-authenticate at the ISA firewall, which is a more secure config. The
server is a domain member.
I suspect your have a routing problem or
a name resolution problem. This ISA firewall must be able to resolve the
name on the "To" tab to the address of the OWA site, depending on the
routing relationship between the ISA firewall's Network and the OWA
server's Network (Route or NAT). And let me guess. It's because DNS
sits on a different segment and the server is single homed on a
different one with no DNS?
P.S -- See, if you're willing to put up
with just a little abuse, you can get some helpful info (I learned this
from Jim H. ;-) I dont mind too much abuse and I appreciate the help.
I am more of an Exchange/AD/SMS (which is getting boring) guy. This ISA
stuff is new to me but so far I am liking it quite a bit. I thought SMS
was a pain to get working.
Thanks for all the help.
Alex
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tradtke@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
