Re: ISA 2006 in DMZ for Activesync/OWA only Exchange 2003
- From: "GA" <nospam@xxxxxxxxxxxx>
- Date: Thu, 13 Sep 2007 15:15:26 -0400
Figured it out myself. Had to create another rule to allow LDAPS port 636
Inbound. For some reason the default protocol rule is for Outbound so that
would not work in my DMZ scenario.
When I enabled a rule for inbound to each of my DCs, pre-authentication
worked like a charm. Now I just need to add users to an AD group to allow
access.
"GA" <nospam@xxxxxxxxxxxx> wrote in message
news:ORQ2HXd1HHA.4712@xxxxxxxxxxxxxxxxxxxxxxx
Hi ISA experts! I am an ISA newbie building my first ISA server for Smart
Phone access to email for our sales reps.
Exchange OWA works internally. I am the Exchange Admin and am fairly
confident that Exchange is set up correctly, although the FE/BE topology is
new to me as well.
My network guy wants ISA to live in the DMZ like this:
Public IP >> Edge switch (translates to private IP) >> ISA 2006 >> DMZ
Switch (translates another private IP to internal IP for FE server) >>
internal network (AD, Exchange FE/BE servers). I'm not sure if this is
even feasible.
I have done the certificate on FE and exported it then imported it on ISA,
published the rule using the wizard, single network config on ISA. The
only port we have open between DMZ and internal network is 443.
When I try to connect using a smart phone, I can get a username/password
prompt, but it fails to authenticate to ISA. What am I missing? I have
read on some websites that the smart phone needs the certificate installed
manually, but I don't buy that. It defeats the purpose of being able to
deploy a remote solution. Besides, I tried that and it still doesn't
work.
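
One way to confirm from the ISA host that the LDAPS path to each DC, which the reply above identifies as the missing piece, is open once the rule is in place. This is an added example, not part of the original posts; the DC host names are placeholders and PowerShell 3.0 or later is assumed.

```powershell
# Placeholder host names (constructed for this example): use your own DCs.
$DomainControllers = @('dc1.example.internal', 'dc2.example.internal')

function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 636,
        [int]$TimeoutMs = 3000
    )
    $result = [pscustomobject]@{
        Host = $HostName; Port = $Port; TcpOpen = $false; TlsOk = $false
        CertSubject = $null; CertExpires = $null; Detail = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet fails after the
        # timeout instead of hanging on the default TCP retry interval.
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            throw "TCP connect timed out (no rule permits this flow?)"
        }
        $client.EndConnect($async)   # throws if the port actively refused
        $result.TcpOpen = $true

        # TLS handshake with the default certificate validation of this host:
        # an untrusted chain or a name mismatch is reported as a failure.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $result.TlsOk       = $true
        $result.CertSubject = $ssl.RemoteCertificate.Subject
        $result.CertExpires = $ssl.RemoteCertificate.GetExpirationDateString()
        $ssl.Close()
    }
    catch {
        # Keep the innermost message (socket or certificate error text).
        $result.Detail = $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()
    }
    return $result
}

$DomainControllers |
    ForEach-Object { Test-LdapsEndpoint -HostName $_ } |
    Format-Table Host, Port, TcpOpen, TlsOk, CertSubject, CertExpires, Detail -AutoSize
```

A row with `TcpOpen` false points at the firewall path between the DMZ and that DC; `TcpOpen` true with `TlsOk` false means the port is reachable but the certificate presented on 636 did not validate on this host.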