Configuring ISA Server Behind Pix 515e - Using RPC Filter

I want to set it up so users can access outlook from anywhere.  Not all users have Outlook 2003 so RPC over HTTP won't work.

I am going to have OWA as a fallback for users, but I want to allow my users in remote offices (which are not interconnected with us) to have access to their full MAPI Outlook client at all times.

I thought it out and here's what I've come up with:

Router - Pix - Internal Network - Exchange
           DMZ - ISA Server (Hosting RPC Filter, Dual NICs - 1 to internal network, 1 to DMZ)

The problem I am having is that when I create the server publishing rule it is not recognizing my DMZ NIC address ( as the external address for the server.

On the PIX the internal interface is and the DMZ is

Is it possible to set up my environment the way I laid it out or is their a better way to go about it?  I want to stay away from VPN clients and the remote offices are externally managed by an outside provider and I don't have access to the equipment.

Who is Participating?
I am not sure if this is how you wanted to configure your network so let me know if I am on the right track.

You are placing your ISA server in the DMZ? So that the external address of your ISA server is in the network and its internal adapter is in the internal network.

Create a rule on your firewall for RPC over HTTP and HTTPS to the external address of your ISA server (DMZ network).
Create a publishing rule in ISA for OWA over HTTPS and RPC over HTTP to the exchange server.

Route table for ISA server has the default gateway set to the IP of the port in the firewall for that DMZ (192.168.2.x). LAT (Local Address Table) for ISA only has the internal network. For routing to work within ISA you need to ensure that the DMZ network and Internal network are completely separate (this should be the case with a 24 subnet mask).

ISA will allow you to set up the two separate publishing rules for https and rpc over http to the same internal server.

Does this help? TJ
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.