Hello! First off, I'm very new to ISA, I'm working with ISA 2006 Enterprise and have a couple questions.
The first question is, I'm trying to publish 3 internal servers with web services. I wanted to use ISA 2006's Web Publishing feature originally to avoid the use of port forwards to other ports besides port 80 for websites hosted on other servers, I wanted all web based services to be hosted under 80 and 443 for SSL, regardless of what server it was hosted on inside, and for the correct domain to be forwarded to the correct server.
So here's what I've done so far, I've installed ISA 2006, and I've created a publishing rule. I set the publishing rule to the published site website.com, and entered the computer IP address as the local IP address of the server since I'm using host headers within IIS. For the Listener, I put the internal server name as the Listener name [this appears to be where I'm going wrong but I can't understand why...wait, see next paragraph], and set the Networks value to External, Port value to 80, HTTPS is disabled since this is for hosting public websites that don't have any HTTPS sections, authentication to No Authentication, and Always Authenticate to No. In my mind, I should need to create a different web listener for each internal server+port combination? So a new web listener for server1 on port 80, new for server2 on port 80, new for server2 on port 25 and port 110. However, when I try to create the next listener for the next web server and port 80, I get an error message "a web listener specifying the same port and similar ip addresses is already used by rule [first server name I made the first listener name]".
Now, as I type this, I'm going to make a guess as to what I did wrong. Do I actually have to create ONE web listener per port on the external interface, and then set rules within the Firewall Policy Rules for each of the 10 websites or so on the first server and let those use the external port 80 listener, which means the external listener on port 80 will check those 10 rules and if a request matches for one of the websites it will send to the corresponding server? I really hope I'm right :D
Next question is, since I use ISA 2006 Enterprise, is that Default Deny Rule there going to cause a problem? I was able to add RDC rules, DHCP rules, and Web Access rules to the Enterprise policy so that the ISA server could access the internet for Windows Updates, I could RDC into the ISA server from my home network, and so that the ISA server's external interface could obtain an IP address from our ISP, but I can't apply publishing rules to an Enterprise rule. How am I going to make those Publishing rules work? Is there a way to completely ignore the Enterprise Policy and just use the Firewall Policies, hopefully WITHOUT having to reinstall ISA if possible to save time.
Thanks so much for any responses and being patience with my n00b questions.
< Message edited by link470 -- 12.Oct.2009 8:11:37 PM >