• Status: Solved

ISA 2006 setup in PIX DMZ for OWA 2003

This is the continuation question from (http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_22630039.html).

I need to deploy ISA ASAP, can someone shed some light?
In short, I need to set up ISA in PIX DMZ for OWA/OMA.

                  Internet (outside)
                           |
ISA (DMZ) --------------- PIX -------------- (inside) OWA, DC1, DC2, Exchange

ISA = W2K3 SP1 ISA 2006 Ent.
DC1 = DC, GC and DNS
DC2 = DC only
OWA = Exchange 2003 (front end) server w/ SP2, FQDN CA cert
Exchange = Exchange 2003 (backend) server w/ SP2

OWA has StarCom SSL CA.  It used to be located in the DMZ and has moved back to Inside.  Here are the questions:
1) Should ISA be a domain member server or standalone?
2) On the PIX, 443 is pointing to ISA from outside to DMZ now.  What CA should I use?  Should I use the OWA CA or apply the new one via IIS?
3) Can anyone provide the step-by-step setup for ISA 2006 (not ISA 2004) and OWA 2003 (not OWA 2007)?
4) Does ISA require IIS running in this case?
Thanks!!!


Vic T
 
What90 Commented:

1) Make sure the ISA server is part of the internal LAN and then set up the ISA using Exchange server publishing rules.

2&3) Use the certificate on the ISA as it should do the authentication
http://www.isaserver.org/tutorials/Using-Commercial-Web-Site-Certificate-Publish-Outlook-Web-Access-Part1.html and follow through the series

4) Nope.

HTH
Computer101 Commented:
Forced accept.

Computer101
EE Admin