Configuring ISA Server Behind Pix 515e - Using RPC Filter

Posted on 2005-05-10
Last Modified: 2013-11-16
I want to set it up so users can access Outlook from anywhere.  Not all users have Outlook 2003 so RPC over HTTP won't work.

I am going to have OWA as a fallback for users, but I want to allow my users in remote offices (which are not interconnected with us) to have access to their full MAPI Outlook client at all times.

I thought it out and here's what I've come up with:

Router - Pix - Internal Network - Exchange
           DMZ - ISA Server (Hosting RPC Filter, Dual NICs - 1 to internal network, 1 to DMZ)

The problem I am having is that when I create the server publishing rule it is not recognizing my DMZ NIC address ( as the external address for the server.

On the PIX the internal interface is and the DMZ is

Is it possible to set up my environment the way I laid it out or is there a better way to go about it?  I want to stay away from VPN clients and the remote offices are externally managed by an outside provider and I don't have access to the equipment.

Question by:anakin827

    Accepted Solution

    I am not sure if this is how you wanted to configure your network so let me know if I am on the right track.

    You are placing your ISA server in the DMZ? So that the external address of your ISA server is in the network and its internal adapter is in the internal network.

    Create a rule on your firewall for RPC over HTTP and HTTPS to the external address of your ISA server (DMZ network).
    Create a publishing rule in ISA for OWA over HTTPS and RPC over HTTP to the Exchange server.

    Route table for ISA server has the default gateway set to the IP of the port in the firewall for that DMZ (192.168.2.x). LAT (Local Address Table) for ISA only has the internal network. For routing to work within ISA you need to ensure that the DMZ network and Internal network are completely separate (this should be the case with a 24 subnet mask).

    ISA will allow you to set up the two separate publishing rules for HTTPS and RPC over HTTP to the same internal server.

    Does this help? TJ
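
The addressing conditions in the answer above (separate DMZ and internal networks, default gateway on the firewall's DMZ port, LAT limited to the internal network) can be checked before building the publishing rules. This is an added example, not part of the original thread: the function name is hypothetical, all addresses are constructed, and 192.168.2.0/24 for the DMZ is an assumption based on the "192.168.2.x" and "24 subnet mask" mentioned in the answer.

```python
import ipaddress


def check_isa_layout(internal_net, dmz_net, isa_external_ip,
                     isa_internal_ip, default_gateway, lat_entries):
    """Return a list of findings; an empty list means the layout is consistent."""
    internal = ipaddress.ip_network(internal_net)
    dmz = ipaddress.ip_network(dmz_net)
    findings = []

    # The DMZ and internal networks must be completely separate.
    if internal.overlaps(dmz):
        findings.append("internal and DMZ networks overlap")

    # Each ISA NIC must sit in the network it is meant to face.
    if ipaddress.ip_address(isa_external_ip) not in dmz:
        findings.append("ISA external NIC is not in the DMZ network")
    if ipaddress.ip_address(isa_internal_ip) not in internal:
        findings.append("ISA internal NIC is not in the internal network")

    # The default gateway is the firewall's DMZ port, so it is a DMZ address.
    if ipaddress.ip_address(default_gateway) not in dmz:
        findings.append("default gateway is not in the DMZ network")

    # The LAT may contain internal ranges only.
    for entry in lat_entries:
        net = ipaddress.ip_network(entry)
        if not net.subnet_of(internal) or net.overlaps(dmz):
            findings.append(
                f"LAT entry {entry} is not confined to the internal network")
    return findings


# Constructed sample layout (not the poster's real addressing).
GOOD = dict(
    internal_net="192.168.1.0/24",
    dmz_net="192.168.2.0/24",
    isa_external_ip="192.168.2.10",
    isa_internal_ip="192.168.1.10",
    default_gateway="192.168.2.1",
    lat_entries=["192.168.1.0/24"],
)

if __name__ == "__main__":
    for finding in check_isa_layout(**GOOD) or ["layout is consistent"]:
        print(finding)
```
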
