Welcome to ISAserver.org
Publishing IMAPS thru ISA 2004
Publishing IMAPS thru ISA 2004 - 22.Nov.2007 7:37:51 AM
iandhughes
Posts: 3
Joined: 22.Nov.2007
Status: offline
Any IMAPS experts out there? Trying to get iPhone working in corporate setup and failing. Device connects thru Checkpoint firewall to ISA 2004 server in perimeter where there's mail publishing rule to forward packets (IMAPS Server protocol) to front-end Exchange on LAN, but traffic is denied and inbound protocol shows as IMAPS on 993. If I create an Access Rule allowing inbound IMAPS, traffic is allowed but not tunnelled to FE server. Stumped. Same ISA Server publishes OWA, OMA, RPC over HTTPS and ActiveSync fine, but IMAPS is a show stopper. Have tried same thing with IMAP protocol but same result. Any help would be greatly appreciated.
RE: Publishing IMAPS thru ISA 2004 - 23.Nov.2007 7:15:34 PM
Jason Jones
Posts: 3089
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Is this a single NIC ISA? What relationship do you have between the ISA Networks? Have you configured the server publishing rule to use the IP address of ISA or the original client?
_____________________________
Jason Jones | Forefront MVP | Silversands Ltd My Blog: http://blog.msfirewall.org.uk/
RE: Publishing IMAPS thru ISA 2004 - 24.Nov.2007 6:36:20 AM
iandhughes
Posts: 3
Joined: 22.Nov.2007
Status: offline
Hi Jason. It's a dual-homed machine with the public NIC in the DMZ of the Checkpoint and the private NIC on the LAN. There's a hosts entry on the ISA server pointing webmail.company.com to the front-end Exchange server on the LAN, so packets arriving for e.g. OWA are directed there, and this works fine. There's a Verisign cert on ISA and the FE but it seems the problem is getting IMAPS traffic to tunnel. I have a publishing rule for IMAPS Server (using the wizard) but that alone doesn't let traffic in. I have to also create an access rule to allow the IMAPS protocol in, and traffic is then allowed but never reaches the FE server. I've actually logged a call with the Microsoft ISA team as I'm under pressure to get it fixed, so I'll let you know the outcome. Thanks again, Ian
RE: Publishing IMAPS thru ISA 2004 - 25.Nov.2007 6:51:37 PM
Jason Jones
Posts: 3089
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
You need to configure the publishing rule to use the IP address of ISA rather than the original client to ensure the traffic returns to the ISA Server and not its default gateway. Without this setting, traffic will come in via the ISA and return direct via the Checkpoint and hence will not work... Cheers JJ
_____________________________
Jason Jones | Forefront MVP | Silversands Ltd My Blog: http://blog.msfirewall.org.uk/
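The return-path problem described in the reply above, modelled as an added example (not part of the thread and not anyone's actual ISA configuration). All addresses are constructed, and the front-end server's default gateway is assumed to sit on the Checkpoint side, as the reply implies.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
LAN = ipaddress.ip_network("10.0.0.0/24")
ISA_INTERNAL = ipaddress.ip_address("10.0.0.2")  # ISA private NIC
FE_GATEWAY = ipaddress.ip_address("10.0.0.1")    # FE default gateway (Checkpoint side)
CLIENT = ipaddress.ip_address("203.0.113.50")    # external IMAPS client


def source_seen_by_fe(client, requests_from_isa):
    """Source address on the packet ISA forwards to the front-end server."""
    return ISA_INTERNAL if requests_from_isa else client


def reply_next_hop(src_seen):
    """Next hop the FE picks for its reply: on-link if local, else default gateway."""
    return src_seen if src_seen in LAN else FE_GATEWAY


def trace(client, requests_from_isa):
    """Return (reply_next_hop, session_ok) for a published IMAPS connection on 993."""
    src = source_seen_by_fe(client, requests_from_isa)
    hop = reply_next_hop(src)
    # The inbound connection came through ISA, so the reply has to go back
    # through ISA as well; a reply handed to the default gateway bypasses it.
    return hop, hop == ISA_INTERNAL


if __name__ == "__main__":
    for mode, flag in (("original client", False), ("ISA address", True)):
        hop, ok = trace(CLIENT, flag)
        print(f"requests appear to come from {mode}: reply via {hop}, "
              f"{'works' if ok else 'asymmetric return path, fails'}")
```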
RE: Publishing IMAPS thru ISA 2004 - 30.Nov.2007 10:23:35 AM
iandhughes
Posts: 3
Joined: 22.Nov.2007
Status: offline
Hi Jason, thanks for your reply to this. You were perfectly correct in that we needed to have traffic coming from ISA rather than externally. We'd also made an error in the LAT where the external-facing NIC was actually listed as being on the private network, so publishing rule was unable to listen on external card. Stupid error! Last problem we had was the username on the iPhone needed to be the Exchange alias, which was different to his login account on the network. Got there in the end though. Thanks again for your help. Ian