Re: The Most Secure Way to Publish OWA 2003

In my test enviornment I'm using SSL to SSL bridging (I think). That
is, the cert and the FBA live on ISA 2004 which was imported from the
cert exchange server and in addition on the exchange 2003 server
"require ssl authentication" is checked on exchange, public, and
exchweb in IIS. Therefore when I loggon to OWA from the outside I get
a cert prompt and and then an FBA form. When I loggon from the insde I
only get a cert promt and a username and password BOX (because FBA can
only be installed on one).

Inorder to make it less confusing for my users I would like to place
FBA on exchange 2003 server to they get the FBA on the outside and
inside not sure if this. Not sure if this is secure because I will need
to use basic authentication.

If you need a more info on how to get to work.

Thanks for the info!!



Phillip Windell wrote:
The most secure way is SSL-to-SSL Bridging.
It may require 2 Certs, but I have never got a straight answer out anyone on
that.
I'm trying to do it here, but after two weeks I am still trying to get good
information for the whole process from beginning to end that doesn't leave
out important details or make wrong assumptions about the environment and
end up describing a scenario for a different environment that is useless.

FBA is done specifically on the ISA,..*not* on OWA.
I think it requires the Forwarding of Basic Aithentication Credentials to be
enabled so the ISA takes the credentials from the FBA and passes them to the
OWA.

The other options are:

1. SSL-to-HTML Bridging
SSL on the outside, HTML between ISA and OWA

2. SSL Tunneling
A single SSL connection from the User to OWA, but ISA does not decrypt
and inspect it. Basically this is the same as what you get with a typical,
less capable, hardware firewall.

3. Plain Web Publishing,...HTML all the way through.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------

"tynon" <havila72@xxxxxxxxx> wrote in message
news:1163685066.090514.291120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Greetings All,

I hope this is the appropraite forum for my post....
I would like to publish OWA 2003. I'm not sure if I should simply
allow my ISA 2004 server to handle the FBA and SSL Cert or if I sould
just let the exchange server do that work. My assumption is that I can
publish OWA by configuring the listener for port 443 without selecting
an SSL cert. The cert would exist on the exchange server so all the
authentication and cert distribution would take place on the Exchange
server. If this config is possible is it as secure as having ISA 2004
handle the FBA and SSL Cert? Any tips and advice are greatly
appriciated.

Thank you,


.

Relevant Pages