TS Gateway Publishing with ISA2006 and Cert Authority 2003

TS Gateway Publishing with ISA2006 and Cert Authority 2003 - 30.Mar.2010 3:04:45 PM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
Here are the steps I took to successfully publish my TSG with ISA.

1) Install TSG and TS Web Access on Server 2008.  This server only has one private IP address.
2) Create a public A record for your TSG (e.g. tsg.mydomain.com)
3) Forward your 443 traffic through your firewall (cisco, etc) to the ISA external interface.
4) On the TSG server using IIS7 open Server Certificates and create a certificate request.  Common name must be the public FQDN (tsg.mydomain.com).
5) I was unsuccessful fulfilling this request with my CA MMC running on 2003.  Go to your CA's web service enrollment (http://<ca>/certsrv).  Request Cert > Advanced > Submit using a file.  Paste your cert request file and use the WebServer cert template.  I did not have the Computer template available, otherwise I would have tried that.
6) Save your cert as *.CER.
7) Import the cert to TSG Computer > Personal store using the Certificates MMC.  Configure your TSG to use this cert.
8) This step might be redundant: export the cert including private key from your TSG as *.pfx
9) Import this cert to ISA computer > personal store using the Certificates MMC.  The cert should show up in Trusted Root Cert Auth since it was issued by your CA.
10) Create a WebServer rule in ISA
10a) To tab: Published site is the public FQDN (tsg.mydomain.com) to match the cert.  The IP address will be the private IP of the TSG server.
10b) Public Name tab: Add your public FQDN (tsg.mydomain.com) to match the cert.
10c) Listener Tab: create a new listener and assign the cert to ISA's external IP.  This is where I was having problems with the self-signed certs.  They were marked invalid by ISA.

That's it.

I also followed these instructions: http://technet.microsoft.com/en-us/library/cc731353%28WS.10%29.aspx
Post #: 1
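
A check for the certificate used in steps 4 to 10c, added here as an example and not part of the original post: it looks in the ISA computer's Personal store for a certificate whose common name is the public FQDN and reports whether it has a private key, chains to a root the ISA computer trusts, and carries the Server Authentication usage. The function name `Test-PublishedCert` is hypothetical, `tsg.mydomain.com` is the post's placeholder name, and PowerShell 2.0 or later on the ISA server is an assumption.

```powershell
# Added example, not from the original post. Run on the ISA server after step 9.
# Assumption: Windows PowerShell 2.0 or later is installed there.
function Test-PublishedCert {
    param([string]$PublicName = 'tsg.mydomain.com')   # placeholder FQDN from the post

    # Computer > Personal store, opened read-only
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $store.Open('ReadOnly')
    try {
        foreach ($cert in $store.Certificates) {
            # Step 4: the common name must be the public FQDN
            if ($cert.GetNameInfo('SimpleName', $false) -ne $PublicName) { continue }

            # Build the chain up to a trusted root on this computer
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chainOk = $chain.Build($cert)
            $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

            # Enhanced Key Usage extension (OID 2.5.29.37); if it is absent the
            # certificate is not restricted to particular usages
            $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
                   Select-Object -First 1
            $serverAuth = $true
            if ($eku) {
                # Server Authentication is OID 1.3.6.1.5.5.7.3.1
                $serverAuth = @($eku.EnhancedKeyUsages |
                    Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0
            }

            New-Object PSObject -Property @{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey   # a .CER import alone gives False
                ChainValid    = $chainOk
                ChainErrors   = $chainErrors          # e.g. UntrustedRoot
                ServerAuthEku = $serverAuth
            }
        }
    }
    finally {
        $store.Close()
    }
}

Test-PublishedCert | Format-List
```

No output means no certificate in the store has the public FQDN as its common name; a certificate suitable for the listener shows HasPrivateKey, ChainValid and ServerAuthEku all True.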
RE: TS Gateway Publishing with ISA2006 and Cert Authori... - 1.Apr.2010 9:05:45 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

Great info! Thanks for sharing!

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to fixitchris)
Post #: 2
