Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Outlook HTTP\RPC

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Outlook HTTP\RPC Page: [1]
Login
Message << Older Topic   Newer Topic >>
Outlook HTTP\RPC - 27.Aug.2008 6:09:28 AM   
gnicol

 

Posts: 4
Joined: 5.Sep.2007
Status: offline 		Hi All,

Looking for some advice on what should be configured on ISA 2004 to allow Outlook 2003 to connect to an Exchange Proxy using rpc over https whilst using a VPN connection

Details as follows

1. Outlook client can connect to Exchange Front End server using https within internal network. Therfore Client and Exchange proxy are configured correctly.

2. Users will connect to ISA over a VPN and once past quarantine are given an  IP address from ISA from the static ranges we have set up. From the VPN network clients can currently access internal servers based on the rules we have set up.

The question is therfore what do I need to configure on ISA 2004 to allow these VPN clients to connect to the Exchange FE proxy  through ISA?

Thanks
Gerry

< Message edited by gnicol -- 27.Aug.2008 6:10:55 AM >
Post #: 1
RE: Outlook HTTP\RPC - 27.Aug.2008 9:24:01 AM   
Rotorblade

 

Posts: 976
Joined: 27.Feb.2007
Status: offline 		 

[
quote:


The question is therfore what do I need to configure on ISA 2004 to allow these VPN clients to connect to the Exchange FE proxy  through ISA?


Nothing.  They’re VPN clients which are on your internal network and you don’t want to be looping back through ISA for internal services.

RB


_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to gnicol)
Post #: 2
RE: Outlook HTTP\RPC - 27.Aug.2008 9:30:32 AM   
gnicol

 

Posts: 4
Joined: 5.Sep.2007
Status: offline 		Thanks for the reply roterblade.

Should have been more clear. The ISA array is set up as teh VPN concentrator and VPN clients are assigned an IP address from a subnet range that has been set up on ISA. I would have thought that we would need some sort of rule to allow rpc\https traffic from the VPN client network to the Exchange Proxy server which is in the perimeter network. Whether that is an access rule or a server publishing rule I'm not sure

i.e. Allow https Traffic from VPN client network to Exchange Proxy (in perimter)

Thanks
Gerry

< Message edited by gnicol -- 27.Aug.2008 9:33:06 AM >

(in reply to gnicol)
Post #: 3
RE: Outlook HTTP\RPC - 27.Aug.2008 10:14:50 AM   
Jason Jones

 

Posts: 2154
Joined: 30.Jul.2002
From: United Kingdom
Status: online 		Bit confused here as RPC over HTTP is seen as a solution which *negates* the need for a VPN solution at all.

If you are VPN connected, why not just use MAPI to connect to Exchange?

If you want to use RPC over HTTP for external access to Exchange, you can do this without any VPN just using ISA Server web publishing.

What are you trying to achieve with your chosen solution?

Cheers

JJ

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to gnicol)
Post #: 4
RE: Outlook HTTP\RPC - 27.Aug.2008 10:25:01 AM   
Rotorblade

 

Posts: 976
Joined: 27.Feb.2007
Status: offline 		Ok, thanks for clarifying. I was assuming that you had a VPN access rule configured to allow all access from the VPN network. It would depend on how the network relationship is configured between the two networks. (Route vs. NAT) For RPC/HTTPS all you should need is 80 and 443 access but based on the relationship it would be either an access rule or publishing rule respectively.

RB   


_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to gnicol)
Post #: 5
RE: Outlook HTTP\RPC - 27.Aug.2008 10:26:12 AM   
gnicol

 

Posts: 4
Joined: 5.Sep.2007
Status: offline 		Hi Jason,

Yes I can understand the confusion. We publish our OWA servers onto the external interface and quite conceivable could have done the same for rpc\https. Its really six and hald a dozen whether our outlook clients using https or mapi to connect to exchange. We have a FE Exchange Proxy configured already however as part of a previous project and were just going to use this to handle traffic from the outlook clients (After they had established a VPN connection). In addition our firewall that sits between our ISA server and our internal network alreday allows https traffic to the FE Proxy therfore this would negate further changes to this interface.

Thanks
Gerry

(in reply to gnicol)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Outlook HTTP\RPC Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts