ISA 2004 and Exchange 2003 Publishing

  • From: "Mustafa Cicek" <mbcicek@xxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Sun, 12 Sep 2004 06:28:40 -0600

Hi!

First of all, I'm sorry for my bad English. I hope I can describe my
problem correctly.

I am very new in ISA infrastructure. My aim is to use ISA 2004 and to
publish the services of Exchange Server 2003 which has a
front-end/back-end infrastructure.

Unfortunately I have big problems in my test environment. My test
environment is like this:

INTERNET <> NETSCREEN FIREWALL 1 <> ISA 2004 <> NETSCREEN FIREWALL 2 <> INTERNAL
NETWORK with Front-End/Back-End/Global Catalog Server.

INTERNAL NETWORK:
- All servers are installed on Windows 2003 Server
- Windows 2003 Active Directory is deployed for internal servers only. It
means that ISA 2004 is not a domain member server. It has its own workgroup.
DC/GC Server: 10.10.4.3
Front-End-Exchange: 10.10.4.1
Back-End-Exchange: 10.10.4.2


ISA:
- ISA 2004 has two interfaces and is configured as a router (not as proxy)
internal IP address: 213.183.4.118
external IP address: 213.183.4.125
- I published OWA and SMTP/IMAP4/POP3 with publish mail server wizard.

NETSCREEN FIREWALLs:
- Netscreen Firewall 1 routes the packets from/to Internet
- Netscreen Firewall 2 is configured as NAT for internal network and
Front-End-Exchange has a NAT address 213.183.4.116.
- All inbound (incoming) connections for OWA/OMA/ActiveSync/RPC over
HTTP/SMTP/POP3/IMAP4 are addressed to external IP address of ISA 2004.

CERTIFICATES:
- DC/Global Catalog Server is also my Certificate Authority.
- Front-End-Exchange has its own certificate from CA. This certificate is
also copied to ISA 2004.
- The published services record in external DNS (for example OWA) has the
same Common Name like the certificates has: owa.testdomain.net.
 
DNS:
- I have an external and internal DNS server. The internal DNS is
responsible for the internal server (FE/BE/GC), and the external DNS is
located in INTERNET.
- If the internal DNS doesn't know the address in its database, it
forwards DNS requests to the external DNS.
internal DNS: 10.10.4.3
external DNS: 213.183.0.1

Here are some DNS records of the external DNS:
MX record >>> 213.183.4.125 (external IP of ISA)
Host record >>> owa.testdomain.net (external IP of ISA)



What is not functioning in my environment:
OWA/OMA:
If I access OWA (Front-End) with https://owa.testdomain.net/exchange,
first, I have the certificate warning (accept the certificate or not). I
accept the certificate, then, I have the error page principal name is not
found!
If I access OWA with the internal address,
https://frontend.testdomain.net, I can access the OWA pages without any
problem.

SMTP/POP3/IMAP4:
I use the external IP address of ISA (213.183.4.125) as SMTP/POP3/IMAP4
server address. I cannot access SMTP/POP3/IMAP4. There is always an error
that indicates that the server is not found.

My QUESTIONS:
1) Is it correct that I configured/installed the ISA Server as Router not
as Webproxy? If I must configure it as Webproxy, I cannot use the full
function of ISA for SMTP/POP3/IMAP4?!
2) Can it be a DNS problem?
3) Perhaps a certificate problem?
4) Any other error sources?

Please help me...!
THANKS for responses!!!

Best Regards
Mustafa

