Welcome to ISAserver.org
RE: Discussion about article on Publishing OWA using ISA Firewalls
RE: Discussion about article on Publishing OWA using IS... - 27.Oct.2006 5:37:08 PM
sporter
Posts: 7
Joined: 26.Oct.2006
Status: offline
Thank you! I'm still getting grounded on ISA2004 and never would have thought of that.
RE: Discussion about article on Publishing OWA using IS... - 28.Oct.2006 10:56:18 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Sporter, Get the eval version and check it out. I have some articles on how to make it work on this site. HTH, Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: Discussion about article on Publishing OWA using IS... - 3.Jul.2007 9:38:09 PM
JohnCz
Posts: 6
Joined: 3.Jul.2007
Status: offline
Hi Tom, Sorry about this but I was trying to access area to ask about the following article on Publishing OWA using ISA Firewalls. I wanted to know if it is possible to use my external domain name which is mail.maintenance-specialists.com? It resolves to a static IP on my router and a MX record from external DNS servers points to it. I was able to use my internal domain name which is webmailserver.internalbusiness.local or WEBMAILSERVER but I want users to enter https://mail.maintenance-specialists.com to access OWA. Would there be a way to make this work? Thank you for the time. john
RE: Discussion about article on Publishing OWA using IS... - 4.Jul.2007 11:59:49 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi John, You can create a parallel split DNS to support this solution. Check out my article on supporting illegal top level domain names using a split DNS. HTH, Tom
RE: Discussion about article on Publishing OWA using IS... - 4.Jul.2007 9:00:23 PM
JohnCz
Posts: 6
Joined: 3.Jul.2007
Status: offline
Thank you Tom, I am now able to access my OWA through https://mail.maintenance-specialists.com from the outside world. How do I access the certsrv from outside if I want to install a certificate when the ISA has a .local extension? In other words, per your example; "On the Outlook Express e-mail client computer, enter http://192.168.1.70/certsrv in the Address bar and press ENTER" in my case it would be http://192.168.0.2/certsrv and the server's name is ISASERVER.local. Thanks Tom!
RE: Discussion about article on Publishing OWA using IS... - 5.Jul.2007 4:11:49 PM
JohnCz
Posts: 6
Joined: 3.Jul.2007
Status: offline
Tom, A question, on your topic "Supporting ISA Firewall Networks Protecting Illegal Top-level Domains" you show the internal DNS entries for the various services such as owa.isaexternal.com as having an A record with the 10.0.0.2 IP which I gather is the actual IP of the internal Exchange server, and for the external DNS which would be running on the ISA server I take it, you show the following: owa.isaexternal.com 2.2.2.1 and rpc.isaexternal.com 2.2.2.2. The question is, are the 2.2.2.1 and 2.2.2.2 the addresses from an outside authoritative DNS server which points to that isa.external.com domain name? I am trying to figure out what to put for the A records on my ISA server which has DNS running on it as the external in the split. Do I need reverse lookups for these? Sorry for all the questions but I am a perpetual student who is sometimes needing help from a pro! Thanks again. john
RE: Discussion about article on Publishing OWA using IS... - 6.Jul.2007 2:45:46 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi John, External users will use an external DNS server that has the external host records and point to the external interface of the ISA Firewall -- or the public address of the NAT device in front of the ISA Firewall. This must be a DNS server that is separate from the DNS server that hosts the internal zone records. The ISA Firewall itself should use the internal DNS server, since it needs to resolve the names to the actual machine on the internal network -- it never wants to use the external DNS server to resolve those names, otherwise you'll end up in a Web proxy loop. HTH, Tom
RE: Discussion about article on Publishing OWA using IS... - 9.Jul.2007 9:01:24 AM
JohnCz
Posts: 6
Joined: 3.Jul.2007
Status: offline
Tom, Do I need the split DNS then? Before trying the split DNS I had the following:
- DNS running on internal .local domain in the 10.0.0._ range
- DNS forward and reverse stub zones on ISA server with the internal NIC in the 10.0.0._ range and external ISA NIC 192.168.0._; NIC order is Internal first, then External NIC
- Hosting service provides authoritative DNS servers to point to my static IP of 208.69.167.189 given by ISP
- MX record and A record added to my internal DNS forward zone for mail.maintenance-specialists.com and maintenance-specialists.com

Am I missing anything from what you can tell? Thank You, john
RE: Discussion about article on Publishing OWA using IS... - 14.Jul.2007 3:15:52 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
You know that the split DNS is configured correctly and in place when the internal clients get a correct internal IP address and the external clients get the correct external IP address for the same resource name. HTH, Tom
RE: Discussion about article on Publishing OWA using IS... - 14.Jul.2007 10:22:55 PM
JohnCz
Posts: 6
Joined: 3.Jul.2007
Status: offline
Tom, Thanks for the reply. I launch nslookup on the internal DNS server and mail.mydomain.com resolves to my exchange server's IP. Should the ISA's DNS server resolve mail.mydomain to the ISA's external nic address or my static ip of the router? I can connect internally but I get error 408 when I try to connect externally to OWA. I know I had this working perfectly but when I did a clean install of everything after screwing up something which turned out to be something else, now I can't remember how I had this split working. Sorry to be such a pain, I will make better notes if I ever get this working again! john
RE: Discussion about article on Publishing OWA using IS... - 17.Jul.2007 8:34:49 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
The ISA Firewall can only resolve the internal address of the site since you never place an external DNS server address on any of the ISA Firewall's NICs. HTH, Tom
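The checks Tom describes in his replies (internal clients get the internal address, external clients get the external address, and the ISA Firewall itself resolves the name the way internal clients do), written out as an added example that is not part of the original thread. The host name, addresses and nslookup captures are constructed, and treating "internal" as RFC 1918 address space is an assumption.

```python
import ipaddress
import re

# Assumption: "internal" means RFC 1918 space, as in the thread's 10.0.0.x network.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed nslookup captures (Windows-style output) for one published name.
INTERNAL_VIEW = """Server:  dns1.corp.local
Address:  10.0.0.1

Name:    owa.example.com
Address:  10.0.0.2
"""
EXTERNAL_VIEW = """Server:  ns1.hosting.example
Address:  198.51.100.53

Non-authoritative answer:
Name:    owa.example.com
Address:  203.0.113.10
"""

def answers(nslookup_output):
    """Addresses in the answer section. The first Address: line is the DNS
    server that was queried, so only text after 'Name:' is considered."""
    _, found, answer = nslookup_output.partition("Name:")
    if not found:
        return set()  # no answer section (lookup failed)
    hits = re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", answer)
    return {ipaddress.ip_address(h) for h in hits}

def is_internal(addr):
    return any(addr in net for net in RFC1918)

def check_split_dns(internal_out, external_out, firewall_out):
    """Return a list of problems; an empty list means the split is consistent."""
    internal, external, firewall = map(answers, (internal_out, external_out, firewall_out))
    problems = []
    if not internal or not all(is_internal(a) for a in internal):
        problems.append("internal view does not return an internal address")
    if not external or any(is_internal(a) for a in external):
        problems.append("external view does not return a public address")
    if not firewall or firewall != internal:
        problems.append("firewall does not resolve the internal address (proxy loop risk)")
    return problems

if __name__ == "__main__":
    print(check_split_dns(INTERNAL_VIEW, EXTERNAL_VIEW, INTERNAL_VIEW))  # healthy split
    print(check_split_dns(INTERNAL_VIEW, EXTERNAL_VIEW, EXTERNAL_VIEW))  # firewall on external DNS
```

Feed it the output of nslookup for the same name run against the internal DNS server, against the external DNS server, and on the firewall itself.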
RE: Discussion about article on Publishing OWA using IS... - 24.Jul.2007 3:07:21 AM
JohnCz
Posts: 6
Joined: 3.Jul.2007
Status: offline
Tom, I was able to get this parallel DNS working and discovered my problem to be related to not installing the certificate on the external user accessing the OWA site. Once I did this I could access OWA remotely. Pretty dumb of me to have overlooked that. All along the DNS was configured per your instructions and I kept looking at split DNS as the problem. My bad! Anyways thank you for the help and the great forum and all the effort you put into your guides. Where do you find the time? One question on certs. Is there a way for the cert to be automatically installed on external user's PC when accessing the OWA? When you access some SSL sites the cert is already valid without having to download it first. If I do not install a cert on external user trying to access OWA it says the cert cannot be verified up to a trusted source (because I have chosen not to trust) but the date and name match is OK and I can still get into OWA. john
RE: Discussion about article on Publishing OWA using IS... - 24.Jul.2007 10:33:04 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi John, There's no way to do this automatically for external clients. If you use an enterprise CA you can get the root CA cert installed automatically, but they'll need to be in the network since they need to join the domain to receive the cert. HTH, Tom
Discussion about article on Publishing OWA using ISA Fi... - 10.Aug.2007 4:16:14 AM
indivi
Posts: 12
Joined: 3.Aug.2007
Status: offline
Dear Shinder, I am following all your articles as well. I made our configuration like you told us in your articles (using Trihomed Structure) (ISA2004, DMZ, INTERNAL). We can reach OWA on Front End Exchange from Internet but we cannot reply to or forward messages. And some messages (some special chars like %&* including subject area) are not displayed (IIS 404 Error Both). What is our problem? Please help me, Shinder. I should explain some details:

INTERNAL: 192.x.x.x
DMZ: 172.x.x.x
ISA2004 (on Windows Server 2003): Three NIC Cards (External Static IP)

Front End Exchange Server Configuration: Win2003Server SE (Service Pack 2), Asp.NET 1.1v, IIS6.0
Back End Exchange Server Configuration: Win2003Server SE (Service Pack 2), Asp.NET 1.1v + 2.0v, IIS6.0
ISA (Server 2004 SE) Configuration (Service Pack 3): Win2003Server SE (Service Pack 2), Not Asp.NET Installed, Not IIS