RE: Publish External Websites Securely (ISA 2004)

Hello Brian,

Thank you for posting here. Let's also thank Cris for the input.

According to your description, I understand that you want to publish a
internal web site to Internet thru HTTPS on ISA 2004. If I have
misunderstood the problem, please don't hesitate to let me know.

Based on my research, I suggest we try the following steps:

1. Configure the IIS on the internal web server

a. Enable SSL on this web site. In this web site properties window, select
Web Site tab, input 443 in the SSL port box.

b. Assign certificate to this web site. In this web site properties window,
select Directory Security tab, click Server Certificate button. Go through
the wizard and assign a certificate with your public domain name
(www.domain.com) to this web site.

2. Set the web server's default gateway as ISA internal IP address.

3. Create Secure Web publishing rule on ISA

a. Start ISA Server Management.
b. Expand ServerName , where ServerName is the name of your ISA
Server-based computer, and then click Firewall Policy.
c. Click the Tasks tab, and then click Publish a Secure Web Server.
d. In the SSL Web publishing rule name box, type a descriptive name for
this rule, and then click Next.
e. Click SSL Tunneling, and then click Next.
f. In the Server IP address box, type the IP address of the Web server
where you want to publish the Web site (internal web server IP), and then
click Next.
g. Click to select the check box that corresponds to the network that you
want ISA Server to listen to for Hypertext Transfer Protocol Secure (HTTPS)
requests. Please click to select the External check box.
h. Click Next, and then click Finish.
i. Double click the new rule, select Traffic tab, click Ports button.
j. Select Publish on this port instead of the default port, input 445.
Click OK twice.

Note: the SSL 443 and 444 are already used by OWA and Companyweb, so we
need to select a different port from the 2 ones.

k. Click Apply to update the firewall policy, and then click OK.

4. Then, you can access the web site from Internet thru
https://www.domain.com:445

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

1. Can you access this web site from internal clients thru
https://webserver?

2. Can you access your OWA on SBS from Internet?

3. What error do you get when you try to access https://www.domain.com:445
from Internet?

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Publish External Websites Securely (ISA 2004)
| thread-index: Acfv5XZjWhggvVoLQUiLm3GKfCE4JQ==
| X-WBNR-Posting-Host: 207.46.192.207
| From: =?Utf-8?B?YmNtb29yZQ==?= <bcmoore@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Publish External Websites Securely (ISA 2004)
| Date: Wed, 5 Sep 2007 10:52:01 -0700
| Lines: 18
| Message-ID: <A7E41113-5581-470F-A9DA-3245268EC73B@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:61052
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hello SBS'ers,
|
| I'm trying to publish a website on an internal Win2003 server (NOT SBS
| server) securely to the internet.
|
| Internal access is fine and unsecured via Http://webserver/website
|
| I want to require all external access to this website to be SSL with the
| termination point being at the SBS server. That is - I don't want to
require
| the internal website to be secure but want all external communications to
be
| secure.
|
| Can anyone send me in the right direction in regards to the settings
needed
| for the Secure Web Publishing wizard?
|
| Thanks!
|
| Brian
|

.