ISA 2006 internal OWA

Hi,

I need a bit of help with ISA 2006 and OWA. I’ve set up access rules and listeners to facilitate OWA access to my Exchange server via ISA. The rules seem to work fine and any internal client not using the proxy can access the OWA forms, but internal clients using the proxy can’t. They get Error Code 502 proxy server denied the specified URL (12202) even though the listener is configured to listen on both networks. I’m not using split DNS as my ISP is handling external resolution. My internal DNS points owa.domain.co.uk to the ISA server itself. The clients using the proxy trip up on the default rule.

Any ideas as to why internal clients using the proxy fail but internal clients not using the proxy don’t, and how to sort it out?

Thanks.
MrPrince Asked:
Keith Alabaster, Enterprise Architect, Commented:
You don't mention whether you are running OWA internally on http or https.

1. Generally speaking, for this I add the internal site(s) to the Proxy Exceptions (Internet Tools - Options - Connections - LAN Settings - Advanced) so that the browser doesn't even access the proxy service when an internal client calls an internal web site. You can also put in the IP range if you need more than the 255-ish characters allowed in the proxy exceptions box, i.e. 10.0.*; 172.30.254.*; 192.* etc. to cover the internal IP addresses instead of using names.

2. Can you confirm that you have a rule within the firewall policy allowing traffic from internal & local host to internal & local host for the required traffic?

Either way you can then amend your publishing rule to just cover the external network only.

0
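
A way to check an exception list like the one in the answer above before rolling it out, as an added example that is not part of the thread. It models the list as semicolon-separated wildcard patterns (an assumption about the matching, not Internet Explorer's own code) and reports sample addresses that would skip the proxy although they lie outside RFC 1918 private space; the function names and sample hosts are constructed.

```javascript
// Added example: simplified model of a semicolon-separated proxy exception list.
// Assumptions: '*' matches any run of characters, matching is case-insensitive
// and is applied to the host part of the URL only.

function parseExceptions(list) {
  return list.split(';').map(s => s.trim()).filter(s => s.length > 0);
}

// Turn one wildcard pattern into an anchored regular expression.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$', 'i');
}

// True when the host matches any exception, i.e. the browser goes direct.
function bypassesProxy(host, list) {
  return parseExceptions(list).some(p => patternToRegExp(p).test(host));
}

// RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16.
function isPrivateIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// IPv4 hosts that bypass the proxy but are not private addresses:
// traffic to these would leave the network without passing ISA's web proxy.
function auditList(list, hosts) {
  return hosts.filter(h =>
    /^\d+\.\d+\.\d+\.\d+$/.test(h) && bypassesProxy(h, list) && !isPrivateIPv4(h));
}

// Exception list built from the values in the thread (host name plus IP patterns).
const EXCEPTIONS = 'owa.domain.co.uk; 10.0.*; 172.30.254.*; 192.*';
// Constructed sample hosts; 192.0.2.55 is a documentation address (RFC 5737).
const SAMPLE_HOSTS = ['owa.domain.co.uk', '10.0.4.7', '172.30.254.9',
                      '192.168.1.20', '192.0.2.55', 'www.example.com'];

for (const h of SAMPLE_HOSTS) {
  console.log(h, bypassesProxy(h, EXCEPTIONS) ? 'direct' : 'via proxy');
}
console.log('non-private addresses that bypass the proxy:',
            auditList(EXCEPTIONS, SAMPLE_HOSTS));
```

Narrowing a pattern such as `192.*` to `192.168.*` keeps the internal hosts direct while sending every other 192.x.x.x destination through the proxy.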
MrPrince (Author) Commented:
DOH! I had a rule for internal to internal but not local host to local host as well. I also whacked that rule in at the top and it works now. BTW, what protocols would you suggest for normal Internet access? I've just specified 'All Outbound Protocols' but is this a good idea?
0
Keith Alabaster, Enterprise Architect, Commented:
lol, glad to have helped, it's easily missed :)

Normal Internet is an interesting question....

Normally I allow http, https, & ftp from all users
dns from internal dns servers
smtp from smtp servers
However, all outbound is no issue whatsoever if this is what your IT Security policy allows.

Regards
Keith Alabaster
0
Microsoft Forefront ISA Server
Question has a verified solution.