Re: ISA 2006 and Listeners Part 2!
- From: "AndyJ" <andyjones99@xxxxxxxxxxxxx>
- Date: 18 Dec 2006 06:42:20 -0800
Phillip
You are missing the point. There is such a thing as port forwarding and
its being done by my router. It simply forwards any HTTP packets onto
my ISA server. I am fully aware of what ISA does and the article you
mention does not help, I dont just want to publish OWA. I have seen
this article loads of times in the past.
I want to publish OWA with FBA, EAS and also any other web sites I
have internally as well as my SMTP FE server and I am using ISA 2006.
The problem stems from the fact that I have to define different
listeners for each service when the services are all HTTP based. My
router can only forward HTTP packets to one IP address, so at that
stage its game over as the listeners for my other websites are
listening on a different IP. What I was saying is that I could get my
router to direct HTTPS traffic to my OWA/EAS listener and get it to
forward HTTP traffic to the strandard web site listener.
AJ
hillip Windell wrote:
"AndyJ" <andyjones99@xxxxxxxxxxxxx> wrote in message
news:1166207714.455467.87800@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
OK spoke too soon. I can only port forward to a specific IP address
when I changed port forwarding for HTTP and HTTPS to forward to the new
listener IP it worked for my website but broke my OWA/EAS access. So
how about I just port forward HTTP to the web listener that does not
require authentication and HTTPS to the listener IP that does. This way
my mail services which I need to authenticate before using should work
as they use HTTPS. I will get a problem though when I want to publish a
web site that is secured using SSL but does not require clients to
authenticate.
Ok, we may have to backup to the beginning. Let's clarify some terminology
first....
There is no such thing as "port forwarding", the ports are not going
anywhere, they aren't doing anything,...they aren't even the focus of what
is really happening. The term port forwarding is techno-slang and is a
"creation" of the SOHO Market and is the kind of thing you get when you let
sales & marketing departments define the dictionary.
What we are dealing with is called Web Publishing by ISA and is a form of
Reverse HTTP Proxying. Now with SSL everything has to be exact. You can't
simply "try this" and then "try this" and then "try this".
This below is the best article I know of to deal with this. If you just
follow what it describes it will work. I used it and everything work
correctly on the first shot and I had never performed it before at the time
did it. Assuming you already have your Certs in place and working properly
you can just skim over those parts of the article.
Publishing OWA Sites using ISA Firewall Web Publishing Rules (2004) Version
1.1
http://www.isaserver.org/articles/2004pubowartm.html
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
.
- References:
- ISA 2006 and Listeners Part 2!
- From: AndyJ
- Re: ISA 2006 and Listeners Part 2!
- From: AndyJ
- Re: ISA 2006 and Listeners Part 2!
- From: AndyJ
- ISA 2006 and Listeners Part 2!
- Prev by Date: Re: ISA 2004 - Block Incoming FTP From Some IPs
- Next by Date: Re: how to change idle session timeout for a particular applicatio
- Previous by thread: Re: ISA 2006 and Listeners Part 2!
- Next by thread: Re: ISA 2006 and Listeners Part 2!
- Index(es):
Relevant Pages
|
