ISA as reverse proxy for external website

ISA as reverse proxy for external website (Full Version)

All Forums >> [ISA 2006 Publishing] >> Web Publishing

Message

norbo -> ISA as reverse proxy for external website (4.Jul.2008 10:29:10 AM)
Hi I'm trying to solve the following: We have contracts with several publishing companies who provide acces to their websites. For example a newspaper who provides access to their articles. Access from our network to their server is secured using IP range authentication. This means access is possible from any of our servers. So people who browse to the newspaper server from within our network are allowed in. There is no authentication of users. We need to give acces to employees from their homes also. What we want to do is set up a proxy server in out network and provide a url such as newspaperx@mycompany.com. The proxy will request credentials and check them at our AD server. When ok a redirect should take place to the newspaperserver. We are running ISA2006 for Sharepoint publishing. I'd like to use ISA as a reverse proxy. I tried using a webserver publishing rule using FB authentication but can't get it to work properly. It seems to send credentials to the newspaper server as well which i don't want. My question is: is ISA2006 the right product to use here? I know it is meant to publish websites behind it, but is it somehow restricted to this scenario? Any help would be appreciated

gbarnas -> RE: ISA as reverse proxy for external website (4.Jul.2008 11:16:51 PM)
You can't publish "external" sites unless you use a separate ISA server and install it "backwards". That is - the External interface is in your LAN, and the Internal is Internet-facing. This has to be behind another firewall of some kind. I use such a configuration to publish our partner/vendor application servers in our trusted network, although we don't use HTTP type protocols. (we have a separate web proxy for application servers using HTTP protocols.) For your situation, why not simply set up the home users to make a VPN connection? Once they're in your network (or even in the DMZ), they are authenticated and will connect via the authorized IP range by going through your Internet connection. Glenn

norbo -> RE: ISA as reverse proxy for external website (7.Jul.2008 2:55:12 AM)
Hi Glenn Thanks for your reply. I'll look into the VPN solution, it might work for me. But before I do so one more question: we are running ISA purely as a reverse proxy for Sharepoint at the moment, not as a firewall. We have PIX firewalls on our perimeters. Therefore the ISA machine has one network card and only works with an internal network! Should'nt my configuration work in this setup? Thanks again Norbert

Page: [1]