Thanks Tom You are RIGHT on... Let me say it this way, and perhaps put a little twist on it: I do need to bridge BOTH, a web site and OWA site ultimately found on the LAN going through ISA from the internet.. I wish to use SSL from the internet client to ISA, then SSL from internal card of ISA to the appropriate server on the LAN - when the intenet user types Mail.Widgets.com they connect to 172.1.1.1 bound to external (actually DMX through a PIX), when they use Internet Explorer and reach www.Widgets.com they connect to 172.1.1.2 both of these addresses and bound to the same Network interface card that is named DMZ, ISA defines the interfaces as "External" I haven't changed the definitions of the interface, and DID NOT use the templates in ISA either. Both the OWA and Web sites are physically located behind the ISA server (on the LAN) again, I have a split DNS solution in place. (MX record on the internet resolve to mail.widgets.com and the web site www.widgets.com resolve corectly too)... So again, you are RIGHT on. THANKS TOM... I know you must get slamed with questions all the time... I feel the need to Offer something to you (Wisconsin Cheese!!) or perhaps someday I will be able to help you out... it'll just some back - Karma I guess! Mike Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Mike, No problem about the email address. :) let's see if I have this right. You have two IP addresses bound to the external interface: a primary address (the one on top) and a secondary address. You want to publish two SSL sites. You need to create two different sites, one using FBA and one using only Basic auth. One listener is bound to the primary address and the second listener is bound to the secondary address. Am I right so far? Thanks! Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls --------------------------------- From: Michael [mailto:freakywinston@xxxxxxxxx] Sent: Wednesday, March 16, 2005 9:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA ssl owa AND webs... http://www.ISAserver.org Shoot Tom, I sent you a spell checked version of this mail from my corporate/prefessional e-mail account... I fugured this e-mail adress you'd think I nut case was contacting you - THANKS for repsonding/helping me out so quick!!!! No NLB, I l added an additional IP address from the TCP/IP properties of my "Network Places -> DMZ "renamed network" -> ADVANCED... I figured I could mess with the good old Network layer OSI... Mike Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Michael, What do you mean by "virtual" IP address? Are you running NLB on the external interface of an ISA Enterprise Edition array? Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Michael@xxxxxxxxx [mailto:Michael@xxxxxxxxx] Sent: Wednesday, March 16, 2005 8:53 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA ssl owa AND webs... http://www.ISAserver.org Hey all, Any suggestions I would totally appreciate: I have a 2 NICs ISA 2004 box, obviously 1 NICs "internal" one "external". I have created 2 IPs on the external (Prior to reading the issues regarding the use of "Supporting both BASIC and FBA authentication with a single external IP address and Web Listener" article on ISAServer.Org. With a wild card cert (*.Widgets.Com) and a wed listener configured on that interface, I CAN get to the internal web sites using bridged mode. When I connect to MAIL.WIDGETS.COM from the outside/internet I do get the FBA "form" but then the internal Front End Exchange/Active Directory will NOT allow the SSL to connect to the Back End Exchange Servers (I have checked the certificate name MANY times & re-issued the internal ISA & Front End Exchange certificate a few times to ensure it's "name is correct)... Just NO GO!!!!! Maybe I should get rid of the second "virtual IP address" for the OWA listener & it's Certificate and use one listener? Have any of you been successful using one EXTERNAL card, publishing BOTH SSL bridged "mode" OWA and Web sites? I know that (from ISA.Org and testing, that FBA and other forms of authentication on a web listener are mutually exclusive, thus the virtual IP on the external). Have any of you tried/do OWA bridged SSL AND SSL bridged WEB publishing? If so any tips/suggestions? I am pulling out my hair - and I don't have much to begin with!!! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Michael@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx --------------------------------- Do you Yahoo!? Yahoo! Small Business - Try our new resources site! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Michael@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx --------------------------------- Do you Yahoo!? Yahoo! Small Business - Try our new resources site!