I was able to publish weboutlook to external clients. For some reason, when I watch the log it shows denied requests, but when I asked the users who are testing, they said they were able to use it with no problem... weird.
Now the oddest part is that I cannot access the webmail internally, only externally.
So private.com resolves to my ISA server; ISA has an internal hosts file pointing to the Exchange server.
When internal machines access private.com, it hits the ISA server, but then that's it, it doesn't want to do any more...
Ah. Now I'm running 2006, so I was curious that now I can use 1 cert for 2 listeners; then I should be all set?
I was also wondering, do internal clients really need to go through ISA to access email? Or can I just update my internal DNS to point to the Exchange server directly, which won't have FBA, but that is fine.
It's good practice that, if the users don't need to have the same user experience when they are outside or inside the company, then the internal clients should not go through the ISA to access their email. Of course, a proper split DNS setup is required to accomplish that. Check out http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html for more info.
Thanks for the responses, greatly appreciated. So I am a bit confused. I have this split DNS setup from reading other articles, but the confusion is: should internal resolve to the actual internal server, such as the mail server, or to the internal interface on the ISA server?
See, I don't use the ISA server for anything except Exchange publishing, which means my internal clients then don't need to access the ISA server, do they?
If you don't care about the same user experience, then the internal DNS should resolve to the actual internal server. In that case, the internal clients will never touch the ISA server for that kind of traffic.