Hi, I have been given a task to configure ISA 2006 as a reverse proxy for accessing SharePoint for my SSL VPN users.
1. The machine will not be part of the domain
2. The machine will have a single NIC and will reside in the DMZ
3. No CA server currently
I would appreciate it if someone could tell me whether the above is achievable with the above details or not. Also let me know whether the ISA should use internal or external DNS to resolve the queries for SharePoint.
Which NAT device are you using in front of ISA? How's your DMZ configured (is it 3-leg or back-to-back)? What product is creating SSL VPN and where are they being created?
So if your FW in front of ISA is creating VPN users then you will have to allow traffic from that IP range to the internal network using Access Rules.
1. Create an address range with the VPN IP range you are using
2. Exclude it from the Internal IP Range on ISA
3. Create a network rule with Route relationship between the Address range and the Internal Network
4. Create an access rule allowing the protocols you need from the address range/Internal to Address range/Internal
VPN users' traffic will hit the FW first, and then when they access SharePoint from IE, ISA (reverse proxy) will come into the picture. Will the configuration work with a single NIC? Also, is it mandatory to have a certificate in place?
Yes, that will work considering how you configure routing on your FW where your VPN users are being created. Moreover, I will have them access SharePoint as internal, not through the ISA, just to simplify things... Using SharePoint publishing makes more sense when accessing it from the internet and not as a VPN user.
I believe the VPN users' network should be included in the internal network of the ISA. Does the SharePoint server also need to be included in the internal network?
The ISA server, VPN network and SharePoint server network are 3 different networks.
Hey... I was just going through the complete chain of responses and realized that you have a Single NIC ISA... I am sorry I missed that part in my second reply to you... Ignore that reply completely, as Single NIC ISA cannot do any kind of routing.
So, Single NIC ISA will only have an internal network and will be part of your internal network. That means it will have an IP from your internal range. You will publish the SharePoint website on ISA using that IP.
Your VPN users should be able to resolve the SharePoint website name to the IP of the ISA. You need to see how you do it...
If you want to publish the SharePoint website on SSL, you need a certificate on ISA... If you don't then you no longer need certificates.