• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1383
  • Last Modified:

ISA 2006 setup in PIX DMZ for OWA 2003

This is the continuation question from (http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_22630039.html).

I need to deploy ISA ASAP, can someone shed some lights?
In short, I need to setup ISA in PIX DMZ for OWA/OMA.

                           Internet (outside)
ISA (DMZ) --------------- PIX -------------- (inside) OWA, DC1, DC2, Exchange

ISA = W2K3 SP1 ISA 2006 Ent.
DC1 = DC, GC and DNS
DC2 = DC only
OWA = Exchange 2003 (front end) server w/ SP2, FQDN CA cert
Exchange = Exchange 2003 (backend) server w/ SP2

OWA has StarCom SSL CA.  It used to be located in the DMZ and has moved back to Inside.  Here are the questions:
1) Should ISA be the domain member server or standalone?
2) On the PIX, 443 is pointing to ISA from outside to DMZ now.  What CA should I use?  Should I use the OWA CA or apply the new one via IIS?
3) Can anyone provide the step-by-step setup for ISA 2006 (not ISA 2004) and OWA 2003 (not OWA 2007)?
4) Does ISA require IIS running in this case?

Vic T
Vic T
1 Solution

1) Make the sure the ISA  server is part of the Internal LAN and then set up the ISA using Exchange server publishing rules

2&3) Use the Certificate on the ISA as it should do the authenication
http://www.isaserver.org/tutorials/Using-Commercial-Web-Site-Certificate-Publish-Outlook-Web-Access-Part1.html and follow through the series

4) Nope.

Forced accept.

EE Admin

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now