RE: OT SSL

• From: "Kingery, Mark" <Mark.Kingery@xxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 24 Jun 2003 13:58:41 -0500

This is the way I setup mine as well.  It keeps unlikely people out of my BE 
server.

-----Original Message-----
From: Winston Akin-Cole [mailto:wcole@xxxxxxx]
Sent: Tuesday, June 24, 2003 11:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


I setup my FE/BE exchange because i did no t want the external clients hiting 
my BE exchange.  This way my BE is protected.

-----Original Message-----
From: Jim Prato [mailto:jprato@xxxxxxxxxxxxxxx] 
Sent: Tuesday, June 24, 2003 12:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


Hi guys,
 
I am looking at a similar setup, and originally thought there was a need for 
both a F/E and B/E Exchange servers.
 
I only have ONE exchange server, and do not have the need for the advantage of 
a single point of entry for OWA provided by an additional F/E server. I also 
have discovered that my exchange server can continue to reside in my internal 
network and be accessible to my local LAN clients through Outlook, and also 
have OWA published by ISA server.
 
So my revised plan eliminates the F/E server. Does anyone think this is a bad 
idea?
 
Thanks.
 
jp

-----Original Message-----
From: Kingery, Mark [mailto:Mark.Kingery@xxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


The way I have it setup in my Beta testing is that I have a Front-end server 
sitting in front of my ISA box with a Certificate and then I publish it through 
ISA to my backend server.
 
Seems to work okay.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


Hi Mark,
 
Because Verisign sells the certs and they say you need to pay for a cert for 
each machine.
 
However, if the question is whether you need two SSL certs to make the FE/BE 
config work, I'm pretty sure you don't. Just install the single cert on the ISA 
firewall and bind it to the listener. 
 
HTH,
Tom
 
Thomas W Shinder
 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server:  <http://tinyurl.com/1llp> http://tinyurl.com/1llp

 

-----Original Message-----
From: Kingery, Mark [mailto:Mark.Kingery@xxxxxxxxxxxxxx] 
Sent: Tuesday, June 24, 2003 11:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


Just curious why is two needed?

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:05 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


Hi Winston,
 
Unfortuatnely, that is correct. If you have Administrative control over the 
clients, you might consider using your own certificate server. This also 
discourages users from using Kiosks and other unsecure sites from connecting to 
OWA. I never allow connections from completely unmanaged and untrusted 
computers, so if you have that option, you might consider it.
 
HTH,
Tom
 
Thomas W Shinder
 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server:  <http://tinyurl.com/1llp> http://tinyurl.com/1llp

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
mark.kingery@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jprato@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
wcole@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
mark.kingery@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL

1. Home
2. isalist
3. Archive
4. 06-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---