Re: ISA 2006 Architecture Design

Try answering the questions....

Obviously these ISA servers are in a DMZ and protected by Packet Filter
Corporate FW's and no they'll never change. That's the facts of life...and
no we have no say or control of the Corp Security packet FW's.



"Phillip Windell" <@.> wrote in message
news:%23qhAVXbOHHA.3944@xxxxxxxxxxxxxxxxxxxxxxx
"Del" <del@xxxxxxxxxxx> wrote in message
news:%23vf1X2aOHHA.3900@xxxxxxxxxxxxxxxxxxxxxxx
Exchange 2003 with two Large Exchange Admin groups in two different
physical Data center locations.
2 ISA 2004 servers that are dedicated single NIC reverse Proxy

That right there stops everything. An ISA with one nic is nothing but a
"web caching server" based on the CERN Compliant Web Proxy Standard. It
may be able to do Web Publishing for OWA, but to me, that is a bunch of
needless extra complexity and a waiste of time.

ISA would have nothing to do with making your Exchange available to the
"outside". That will be the job of whatever you are already using for a
"firewall",...not the ISA. You use the firewall to make the Exchange
available to the outside just as if ISA never existed.

Now if they just flat replace their existing firewalls with the ISA, which
is a good idea to me, then you would use ISA's Publishing abilities to
deal with the Exchange server.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------





.

Relevant Pages

  • Re: No inbound emails from outside domain
    ... Connecting to directory service on server wct. ... I don't think reinstalling Exchange will help. ... Do you have the ISA firewall client installed? ... On TELNET - it responded with code 220. ...
    (microsoft.public.windows.server.sbs)
  • [fw-wiz] Exchange 2003 OWA compromise reached
    ... Thanks to all for your answers to my questions regarding Exchange 2003 OWA. ... Since we also want to move our ftp server onto a separate DMZ away from our ... we will attach the Microsoft ISA server outside interface to the ...
    (Firewall-Wizards)
  • RE: Front End/Back End communication
    ... MVP -- ISA Firewalls ... There is no such thing as security perfection. ... single front-end/back-end Exchange Server will find this setup to be ...
    (Focus-Microsoft)
  • Re: ISA 2004 and Exchange 2003 Error
    ... > I may make my Exchange server the only active directory computer and then ... > have the ISA server only for ISA. ... The System Policy exists on all ISA2004 machine, ...
    (microsoft.public.isa)
  • Re: AAAAAHHHH! ISA is making me crazy
    ... I recreated owa publishing rule. ... ISA shows ... This started when I changed the exchange default GW to the IP of the ... This ISA server will be used to publish OWA (currently the only thing ...
    (microsoft.public.isa)
Loading