RE: ISA ssl owa AND webs...

• From: Michael <freakywinston@xxxxxxxxx>
• To: "\[ISAserver.org Discussion List\]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 16 Mar 2005 19:58:36 -0800 (PST)

Thanks Tom You are RIGHT on... Let me say it this way, and perhaps put a little 
twist on it:
 
I do need to bridge BOTH, a web site and OWA site ultimately found on the LAN 
going through ISA from the internet.. I wish to use SSL from the internet 
client to ISA, then SSL from internal card of ISA to the appropriate server on 
the LAN - when the intenet user types Mail.Widgets.com they connect to 
172.1.1.1 bound to external (actually DMX through a PIX), when they use 
Internet Explorer and reach www.Widgets.com they connect to 172.1.1.2 both of 
these addresses and bound to the same Network interface card that is named DMZ, 
ISA defines the interfaces as "External" I haven't changed the definitions of 
the interface, and DID NOT use the templates in ISA either. Both the OWA and 
Web sites are physically located behind the ISA server (on the LAN) again, I 
have a split DNS solution in place. (MX record on the internet resolve to 
mail.widgets.com and the web site  www.widgets.com resolve corectly too)... So 
again, you are RIGHT on.
 
THANKS TOM...  I know you must get slamed with questions all the time... I feel 
the need to Offer something to you (Wisconsin Cheese!!) or perhaps someday I 
will be able to help you out... it'll just some back - Karma I guess! 
 
 
Mike 

Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
http://www.ISAserver.org
Hi Mike,
 
No problem about the email address. :)
 
let's see if I have this right. You have two IP addresses bound to the external 
interface: a primary address (the one on top) and a secondary address.
 
You want to publish two SSL sites. You need to create two different sites, one 
using FBA and one using only Basic auth. One listener is bound to the primary 
address and the second listener is bound to the secondary address. 
 
Am I right so far?
 
Thanks!
 

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
 


---------------------------------
From: Michael [mailto:freakywinston@xxxxxxxxx] 
Sent: Wednesday, March 16, 2005 9:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA ssl owa AND webs...



http://www.ISAserver.org Shoot Tom,  I sent you a spell checked version of this 
mail from my corporate/prefessional e-mail account... I fugured this e-mail 
adress you'd think I nut case was contacting you - THANKS for 
repsonding/helping me out so quick!!!!
 
 
No NLB, I l added an additional IP address from the TCP/IP properties of my 
"Network Places -> DMZ "renamed network" -> ADVANCED...  I figured I could mess 
with the good old Network layer OSI...  
 
Mike


Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
http://www.ISAserver.org

Hi Michael,

What do you mean by "virtual" IP address? Are you running NLB on the
external interface of an ISA Enterprise Edition array? 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Michael@xxxxxxxxx [mailto:Michael@xxxxxxxxx] 
Sent: Wednesday, March 16, 2005 8:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA ssl owa AND webs...

http://www.ISAserver.org

Hey all,

Any suggestions I would totally appreciate:

I have a 2 NICs ISA 2004 box, obviously 1 NICs "internal" one
"external".
I have created 2 IPs on the external (Prior to reading the issues
regarding the use of "Supporting both BASIC and FBA authentication with
a
single external IP address and Web Listener" article on ISAServer.Org.
With a wild card cert (*.Widgets.Com) and a wed listener configured on
that interface, I CAN get to the internal web sites using bridged mode.
When I connect to MAIL.WIDGETS.COM from the outside/internet I do get
the
FBA "form" but then the internal Front End Exchange/Active Directory
will
NOT allow the SSL to connect to the Back End Exchange Servers (I have
checked the certificate name MANY times & re-issued the internal ISA &
Front End Exchange certificate a few times to ensure it's "name is
correct)... Just NO GO!!!!! Maybe I should get rid of the second
"virtual IP address" for the OWA listener & it's Certificate and use one
listener? Have any of you been successful using one EXTERNAL card,
publishing BOTH SSL bridged "mode" OWA and Web sites? I know that (from
ISA.Org and testing, that FBA and other forms of authentication on a web
listener are mutually exclusive, thus the virtual IP on the external).
Have any of you tried/do OWA bridged SSL AND SSL bridged WEB publishing?
If so any tips/suggestions? I am pulling out my hair - and I don't have
much to begin with!!!

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
Michael@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


---------------------------------
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site! 
------------------------------------------------------ List Archives: 
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: 
http://www.isaserver.org/pages/larticle.asp?type=FAQ 
------------------------------------------------------ Other Internet Software 
Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com 
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange 
Server Resource Site: http://www.msexchange.org Windows Security Resource Site: 
http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ 
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com 
------------------------------------------------------ You are currently 
subscribed to this ISAserver.org Discussion List as: 
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
http://www.webelists.com/cgi/lyris.pl?enter=isalist Report
 abuse to listadmin@xxxxxxxxxxxxx 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
Michael@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 
                
---------------------------------
Do you Yahoo!?
 Yahoo! Small Business - Try our new resources site! 

Other related posts:

• » ISA ssl owa AND webs...
• » RE: ISA ssl owa AND webs...
• » RE: ISA ssl owa AND webs...
• » RE: ISA ssl owa AND webs...
• » RE: ISA ssl owa AND webs...

1. Home
2. isalist
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---