Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (Full Version)

All Forums >> [ISA Server 2004 General ] >> Exchange Publishing



Message


tshinder -> Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (26.Jul.2005 11:02:00 AM)

This thread is for discussing the Publishing an OWA Site in a Back to Back ISA Firewall Configuration (Part 1) article at http://www.isaserver.org/tutorials/Publishing-OWA-Site-Back-to-Back-ISA-Firewall-Pa rt1.html and part 2 at http://isaserver.org/tutorials/Publishing-OWA-Site-Back-to-Back-ISA-Firewall-Part2.html

Thanks!
Tom

[ August 02, 2005, 09:53 AM: Message edited by: tshinder ]




theblacksmith -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (5.Aug.2005 9:36:00 PM)

I have done every thing you told in the article, but it seems it will work ONLY for exchange Server 2k3... right?, 'cause as far as i know exchange server 2000 does not support form based authentication.

I was hopping isa server 2004 to "Implements" a form based authentication by it self.

Well, i can reach the /certsrv/* path from the internet using username, password and domain, but when i call the http://owa.mydomain.com/exchange i get a "403 Forbidden" error, if i call the https://owa.mydomain.com/exchange/ i get this error...

Technical Information (for support personnel)

Error code: 12206
Background: The page you requested could not be reached.

Keep in mind that i had done the same way u told me to do in the article, but i get this nasty errors... [Frown]

Ne idea, suggestion, help or anything that can help me get OWA up and running?




tshinder -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (6.Aug.2005 8:54:00 AM)

Hi TBS,

You do NOT need Exchange 2003 for this to work, since the ISA firewall generates the form.

The article doesn't use a path:

owa.mydomain.com

What are the ACTUAL names you are using on the certificates? What are the ACTUAL names used on the To tab and Public Name tabs?

This is where people tend to miss the config.

HTH,
Tom




theblacksmith -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (8.Aug.2005 10:09:00 AM)

Cool...! done it, but i have problems with the "gifs" and if i click on any e-mail front-end isa server asks for auth. again, is this normal?, what about the gifs?. Funny, but the gifs works like a charm using the Admiinistrator account, but when using a normal user account i have this problem... [Razz] .

At the internal network the gifs works fine for administrator but not for normal users and keep asking username/password (via system popup)... then what should be happening?

[ August 08, 2005, 12:02 PM: Message edited by: TheBlackSmith ]




barky81 -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (29.Aug.2005 4:13:00 PM)

These articles definitely did not work for me. (Similarly, MS's guide to publishing Sharepoint ALSO didn't work for me.)

However, I was able to back-to-back "Sever Publish" my OWA through SSL in about 5 minutes (which is how I had it setup for ISA 2000, as well.

One of the things I seem to see at points in trying to follow the articles is that the authentication is taking a stop through "localhost" instead of directly to the internal interface...

Equally important, it is not practical to utilize an "all open" access policy (so why even use it in the article?). Are there simply too many things to open--or does no one know what specifically needs to be allowed?

(Unfortunately, I cannot "Server Publish" Sharepoint, due to the URLs it serves up...so if you cannot web publish it, you can't publish it at all, apparently.) Of course, just to be clear, I have been able to Server Publish our Sharepoint with SSL, but many graphic links don't show, etc...so it isn't usable.

What I don't understand, is WHY (if I can SSL-serverpublish) CAN'T I webpublish? Why does one work and the other doesn't?




barky81 -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (6.Sep.2005 10:43:00 AM)

bump?




tshinder -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (7.Sep.2005 10:34:00 AM)

quote:
Originally posted by TheBlackSmith:
Cool...! done it, but i have problems with the "gifs" and if i click on any e-mail front-end isa server asks for auth. again, is this normal?, what about the gifs?. Funny, but the gifs works like a charm using the Admiinistrator account, but when using a normal user account i have this problem... [Razz] .

At the internal network the gifs works fine for administrator but not for normal users and keep asking username/password (via system popup)... then what should be happening?

Hi TBS,

The clue here is the internal network. The ISA firewall shouldn't be handling connections to the OWA site from internal network clients, so it probably isn't an ISA firewall problem. Internal hosts should use Direct Access to reach the OWA site.

HTH,
Tom




tshinder -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (7.Sep.2005 10:36:00 AM)

quote:
Originally posted by barky81:
These articles definitely did not work for me. (Similarly, MS's guide to publishing Sharepoint ALSO didn't work for me.)

However, I was able to back-to-back "Sever Publish" my OWA through SSL in about 5 minutes (which is how I had it setup for ISA 2000, as well.

One of the things I seem to see at points in trying to follow the articles is that the authentication is taking a stop through "localhost" instead of directly to the internal interface...

Equally important, it is not practical to utilize an "all open" access policy (so why even use it in the article?). Are there simply too many things to open--or does no one know what specifically needs to be allowed?

(Unfortunately, I cannot "Server Publish" Sharepoint, due to the URLs it serves up...so if you cannot web publish it, you can't publish it at all, apparently.) Of course, just to be clear, I have been able to Server Publish our Sharepoint with SSL, but many graphic links don't show, etc...so it isn't usable.

What I don't understand, is WHY (if I can SSL-serverpublish) CAN'T I webpublish? Why does one work and the other doesn't?

Hi Barky,

The All Open rule is used because everyone's firewall policy is going to be different. There's no reason to promote a specific firewall policy since everyone's is going to be different.

What is failing in your Web Publishing Rules?

Thanks!
Tom




jbalconi -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (22.Jun.2007 9:15:57 PM)

Hi Tom;
I have attemped to publish owa in a site back you back with ISA 2006 and exchange 2007 approximately the 2 months and I'vnt obtained. I followed diverse tutorial and also this published for you and I dind't success. I also tried to publish placing the third net card that to bind front isa with exchange for do not have another firewall in the way, but the error is the same. I receive the screen of OWA but they don't accept the user and password. What can I do ? regardsJeri




Snowfresh -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (4.Mar.2008 7:54:26 AM)

Hi,
 
Is there anybody who did this with ISA 2006 and Exchange 2007, successfully?
Pre authentication seems to be the key ...
@Tom what do are your ideas on this?
Regards
 
 




vjekohaker -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (29.Mar.2008 10:27:50 AM)

I have attemped to publish owa in a site back to back with ISA 2006 and exchange 2003, I followed Your tutorial  and I dind't success.I receive the screen of OWA but they don't accept the user and password. What can I do ?
BTW on back ISA everything works fine.
Do I need RADIUS for auth on Front ISA ?




antonb -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (12.Feb.2009 2:24:05 AM)

Good day,
I hope you can give me some clarity on my problem.
Scenario : We are running ISA 2000 that publish to a OWA 2003 server on our domain. We have a ISA 2006 server that handles all other incoming traffic.Currently we are experiencing problems on the ISA 2000 server.

Can I configure OWA traffic to be published from both ISA servers in order to prevent downtime while we are busy with the change? I need to have some testing time without downtime. That is why I need to run it from both ISA servers.

What I plan to do is create a new DNS entry : test.owa.mydomain.com on the ISA 2006 server.

Hope you can assist me with this.




jordi.lopez -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (26.Feb.2009 11:41:02 AM)

I followed this articles and when I tried to connect externally by owa appears the page to put the user and password but I put it and nothing.

In the Front-End Firewall i can see a Denied Connection for HTTPS from External to Local Host, any ida?

It seems like the forwarding from the Front-End FW to the Back-End FW is not working

Thank you very much


Jordi




schmidlap -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (20.Sep.2011 5:42:07 PM)

Part 2 Page 2 states: "In addition, the front-end ISA firewall must be able to resolve the name of the OWA Web site to the IP address on the external interface of the back-end ISA firewall that is listening for incoming requests to the OWA Web site on the default Internal network behind the back-end ISA firewall."

That IP address would be 10.0.1.2 in this scenario.

On Page 6 or Part 2 we have: "You can use either a split DNS or a HOSTS file entry on the front-end ISA Server 2004 firewall machine to resolve this name to the IP address used by the Exchange Server on the internal network. In the current example, we have used a HOSTS file"

In this scenario, the IP address used by the Exchange Server on the internal network is 10.0.0.2.

So which is it? Should the front end ISA resolve owa.msfirewall.org to 10.0.0.2 or 10.0.1.2?




seegrem -> RE: Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration (25.Nov.2011 8:04:31 AM)

hello
Thanks for provide me information about this topic this will help me.because this will help me.
Thanks
Regards
seegrem




Page: [1]