RE: OT SSL
- From: "Winston Akin-Cole" <wcole@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 24 Jun 2003 12:57:06 -0400
I setup my FE/BE exchange because i did no t want the external clients
hiting my BE exchange. This way my BE is protected.
-----Original Message-----
From: Jim Prato [mailto:jprato@xxxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 12:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL
http://www.ISAserver.org
Hi guys,
I am looking at a similar setup, and originally thought there
was a need for both a F/E and B/E Exchange servers.
I only have ONE exchange server, and do not have the need for
the advantage of a single point of entry for OWA provided by an
additional F/E server. I also have discovered that my exchange server
can continue to reside in my internal network and be accessible to my
local LAN clients through Outlook, and also have OWA published by ISA
server.
So my revised plan eliminates the F/E server. Does anyone think
this is a bad idea?
Thanks.
jp
-----Original Message-----
From: Kingery, Mark [mailto:Mark.Kingery@xxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL
http://www.ISAserver.org
The way I have it setup in my Beta testing is that I
have a Front-end server sitting in front of my ISA box with a
Certificate and then I publish it through ISA to my backend server.
Seems to work okay.
-----Original Message-----
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL
http://www.ISAserver.org
Hi Mark,
Because Verisign sells the certs and they say
you need to pay for a cert for each machine.
However, if the question is whether you need two
SSL certs to make the FE/BE config work, I'm pretty sure you don't. Just
install the single cert on the ISA firewall and bind it to the listener.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
<http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Kingery, Mark
[mailto:Mark.Kingery@xxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL
http://www.ISAserver.org
Just curious why is two needed?
-----Original Message-----
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:05 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL
http://www.ISAserver.org
Hi Winston,
Unfortuatnely, that is correct. If you
have Administrative control over the clients, you might consider using
your own certificate server. This also discourages users from using
Kiosks and other unsecure sites from connecting to OWA. I never allow
connections from completely unmanaged and untrusted computers, so if you
have that option, you might consider it.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
<http://www.isaserver.org/shinder>
ISA Server and Beyond:
http://tinyurl.com/1jq1
Configuring ISA Server:
http://tinyurl.com/1llp <http://tinyurl.com/1llp>
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: mark.kingery@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: jprato@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: wcole@xxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
