RE: Internet Access and OWA access
- From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 2 Aug 2005 15:30:07 -0500
Tom,
Do you have any docs on that? I think you mentioned it once before and
you said you might write something up.
Troy
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, August 02, 2005 2:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access and OWA access
http://www.ISAserver.org
Hi Alex,
That's great! I publish must own SharePoint site using SSL to SSL
bridging and it works a treat. I even do a nice trick where the ISA
firewall is a domain member, but uses RADIUS to auth users in a
different domain :)
Have fun!
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
_____
From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 02, 2005 2:32 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet Access and OWA access
Not anymore I wont but for this I unfortunatly had too. As a matter of
fact with the help you gave me I was able to figure out how to publish
an SSL sharepoint and another SSL buisness objects site. Thanks again
Tom I really appreciate all the help. Next time I will try the full
blown install of ISA.
Thanks again,
Alex
_____
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tue 8/2/2005 3:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Internet Access and OWA access
http://www.ISAserver.org
Hi Alex,
That's great! Also good to hear no more unihomed ISA firewalls :-)
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
_____
From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 02, 2005 12:42 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet Access and OWA access
Wow it's actaully working. Thanks for all your help. I really
appreciate it. And I promise not to implement single homed again.
Alex
_____
From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tue 8/2/2005 11:13 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet Access and OWA access
Ok following your tips for setting up the site I can hit it internally
if I am proxying through the ISA server but I can not hit it externally
if I use a host file for DNS name to the nat'd address (198 address to
the 172 ISA address) of the ISA server. I have then added to the host
file on the ISA server the internal IP address of the OWA server.
Getting closer though...
Alex
_____
From: Alex Gonzalez [mailto:AGonzalez@xxxxxxxxxxxxxxxxxxx]
Sent: Tue 8/2/2005 10:30 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Internet Access and OWA access
Why is the DNS server on a different Network ID? There is no DNS in the
DMZ
Are there Networks behind the ISA firewall? The ISA server sits in a
DMZ so yes.
Does the default gateway provide a path to both the Internet *and* the
OWA server? From the ISA server I can get to the OWA server and the
Internet but as far as a path, are you talking about like a layer 3
route?
IP? Is this what appears on the "To" tab? If so, this won't work. The
entry on the "To" tab must be same as the common/subject name on the Web
site certificate bound to the OWA site. Ok this I can change. That
means I need to create an internal host record for it then correct?
So the listener is listening on this address only, right? Yes. There is
a firewall NAT from a 198 address that nats to this.
Use Forms-based authentication or Basic auth. FBA is more secure and you
should use it whenever publishing an OWA site. Remember to turn off FBA
on the Exchange Server. Ok this I can change but how is ISA going to
get the OWA FBA form?
If the ISA firewall is a domain member, or if you have a RADIUS server
on the corpnet, then you can pre-authenticate at the ISA firewall, which
is a more secure config. The server is a domain member.
I suspect your have a routing problem or a name resolution problem. This
ISA firewall must be able to resolve the name on the "To" tab to the
address of the OWA site, depending on the routing relationship between
the ISA firewall's Network and the OWA server's Network (Route or NAT).
And let me guess. It's because DNS sits on a different segment and the
server is single homed on a different one with no DNS?
P.S -- See, if you're willing to put up with just a little abuse, you
can get some helpful info (I learned this from Jim H. ;-) I dont mind
too much abuse and I appreciate the help. I am more of an
Exchange/AD/SMS (which is getting boring) guy. This ISA stuff is new to
me but so far I am liking it quite a bit. I thought SMS was a pain to
get working.
Thanks for all the help.
Alex
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
