Re: AAAAAHHHH! ISA is making me crazy



Well, I recreated the OWA publishing rule. However, when I try to access
the site from outside it makes the initial connection prompting me
about the cert, I hit yes then it goes to 403 forbidden. ISA shows
denied by default rule

christopher.welty@xxxxxxxxx wrote:
Ok.. here's the latest. ISA was configured with the edge firewall
template. Changed that to a 3 leg network config. Now...hurray! SMTP
and POP3 publish works!

Ok..I need to recreate my OWA publishing and get that working again.
However the other dilemma is the internal clients are now unable to
access Exchange services....
This started when I changed the exchange default GW to the IP of the
internal interface of the ISA box


christopher.welty@xxxxxxxxx wrote:
Oh...to put everything out there.

This ISA server will be used to publish OWA (currently the only thing
that works), SMTP, POP3 and ActiveSync


christopher.welty@xxxxxxxxx wrote:
"The Exchange Server must be operating as a SecureNAT Client"
I was afraid of that.

Ok so I started anew this morning. I disabled the SMTP service on ISA,
disabled the rule I had created to allow the relay to take place.

I reconfigured Exchange to be a SecureNAT client to the ISA firewall.
(changed Exchange default gateway to be the IP address of the internal
NIC of the ISA server)
In this network servers are on a separate VLAN. The IP of the internal
NIC on the ISA server is connected to the server VLAN, which is where
Exchange is as well.
(I can no longer access Exchange from the internal network, I'll deal
with that later)

I am able to access the Exchange server from the ISA server. I created
POP3/SMTP publishing rules pointing to the IP address of the Exchange
server.

Tested connectivity from an external source (telnet port 25, and 110 to
test both) I am unable to connect, isa log shows it was blocked by the
default rule :-(

Phillip Windell wrote:
Since the publishing rule only deals with Inbound,...I think you have to
create a separate outbound Rule for SMTP (the normal one, not the server
one) so the Exchange box can send mail outbound (which is independent from
the inbound publishing). The rule has to be anonymous ("All Users") and the
rule needs to be high enough in the Rule list so that it doesn't get
overruled by some other Rule.

Don't worry about POP3,...it won't be outbound,..it is only inbound and the
publishing rule covers it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
