This is the way I setup mine as well. It keeps unlikely people out of my BE server. -----Original Message----- From: Winston Akin-Cole [mailto:wcole@xxxxxxx] Sent: Tuesday, June 24, 2003 11:57 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org I setup my FE/BE exchange because i did no t want the external clients hiting my BE exchange. This way my BE is protected. -----Original Message----- From: Jim Prato [mailto:jprato@xxxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 12:43 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org Hi guys, I am looking at a similar setup, and originally thought there was a need for both a F/E and B/E Exchange servers. I only have ONE exchange server, and do not have the need for the advantage of a single point of entry for OWA provided by an additional F/E server. I also have discovered that my exchange server can continue to reside in my internal network and be accessible to my local LAN clients through Outlook, and also have OWA published by ISA server. So my revised plan eliminates the F/E server. Does anyone think this is a bad idea? Thanks. jp -----Original Message----- From: Kingery, Mark [mailto:Mark.Kingery@xxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 11:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org The way I have it setup in my Beta testing is that I have a Front-end server sitting in front of my ISA box with a Certificate and then I publish it through ISA to my backend server. Seems to work okay. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 11:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org Hi Mark, Because Verisign sells the certs and they say you need to pay for a cert for each machine. However, if the question is whether you need two SSL certs to make the FE/BE config work, I'm pretty sure you don't. Just install the single cert on the ISA firewall and bind it to the listener. HTH, Tom Thomas W Shinder <http://www.isaserver.org/shinder> www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp -----Original Message----- From: Kingery, Mark [mailto:Mark.Kingery@xxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 11:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org Just curious why is two needed? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 11:05 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org Hi Winston, Unfortuatnely, that is correct. If you have Administrative control over the clients, you might consider using your own certificate server. This also discourages users from using Kiosks and other unsecure sites from connecting to OWA. I never allow connections from completely unmanaged and untrusted computers, so if you have that option, you might consider it. HTH, Tom Thomas W Shinder <http://www.isaserver.org/shinder> www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mark.kingery@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jprato@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: wcole@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mark.kingery@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')