Re: ISA Configuration question
- From: "infinitiguy" <derek@xxxxxxxx>
- Date: Fri, 18 Jul 2008 13:45:57 -0400
Yea, I was on there... tons of documentation... I guess I have to just start reading all of it..
"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message news:%23GW9r0N6IHA.2240@xxxxxxxxxxxxxxxxxxxxxxx
Look for the Publishing Tutorials for OWA on www.isaserver.org
Each componenet you make available is a separate Rule, separate project.
Focus on things in this order (in my opinion):
1. Exchange SMTP,..so mail works in the first place
2. OWA next
3. Other non-mail related websites
4. Activesync and OMA,...hmmm...good luck. Been running ISA & Exchange for years,...never got that to work. Can't even find good documentation for it. The problem is MS gave more than one product the same name (ActiveSync) so when you do a search for documentation mostly all you get is material for the ActiveSync Application that you use for syncing mobile devices with a serial cable or USB cable. What material I have found simply "assumes" that if OWA works then OMA and ActiveSync just simply "work" and there is no possiblity that they won't work,..so it isn't really dealt with.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"infinitiguy" <derek@xxxxxxxx> wrote in message news:CB2F2606-AF2D-45CC-B3AF-84D13C45A9F4@xxxxxxxxxxxxxxxxHey folks,
Having a little bit of a problem trying to figure out exactly what I need to
do here. I'm new to ISA Server 2006(in fact only started reading about it
today.) What I'm trying to achieve is OWA/ActiveSync access outside of my
organization without having to use any kind of VPN connection(through our
cisco vpn 3000..)
I have an office communication server(which I'd also like to get publically
available sometime..) and two exchange servers(although only one I'm
interested in getting working) on my internal network.
My internal network is a 10.65.x.x network. My perimeter/DMZ network is a
10.70.x.x network (each address has a static NAT mapping to an external
address.)
Amer-comm2 - communications server - 10.65.6.100
Exch-Ems2 - exchange 2007 server 10.65.6.101 (im not really interested in
hooking up the exchange 2003 server to any of this functionality... This
exch2k7 server hosts the CAS, Mailbox and hub transport roles)
Mobilemail - CAS Server 10.65.6.102. The exchange server also has a CAS
role, but I'd like to follow a little bit of the proper guidelines and have
the OWA/Activesync functions not be on the main exchange server.
Then I'm planning on now having amer-isa.. which will be my ISA server.
This will be deployed into a DMZ, managed by our Checkpoint Firewalls. It
will have an IP address of 10.70.0.150. This will be mapped to an external
IP on our ISP, and connections the ISA server will have with the internal
network, and the internet will be goverened by our checkpoint firewall.
Here's where I start to have some confusion. I in no way want to replace my
checkpoint with the ISA server in being the firewall. When it asks me to
define the internal network, should I define the internal network as
10.65.x.x(0.0 - 255.255)? Will that cause any holes in my network based on
how ISA operates?
I don't want to make the ISA server a domain member if I can help it because
I just don't feel good about having a windows domain member hanging out on
the internet.
I'm deploying this in a virtualized environment for the time being(in a
testing phase). So I currently only have a single NIC, but if the server
needs to be multihomed for any of this to work I can add in multiple nics on
multiple subnets if need be.
Any thoughts or direction would be most appreciated.
Cheers,
-Derek
.
- References:
- ISA Configuration question
- From: infinitiguy
- Re: ISA Configuration question
- From: Phillip Windell
- ISA Configuration question
- Prev by Date: Re: ISA Configuration question
- Next by Date: Re: HTTP Access blocked
- Previous by thread: Re: ISA Configuration question
- Next by thread: HTTP Access blocked
- Index(es):
Relevant Pages
|
