ISA 2004 Secure Bridging Mode not working

I have followed the following guides both diligently twice over but still can't get the Bridging mode "Secure connection to clients and mail server" to work:
-Publishing OWA Sites using ISA Firewall Web Publishing Rules (2004) Version 1.1 - Thomas Shinder
-Step-by-step Guide to Deploying Microsoft Exchange Server 2003 SP2 Mobile messaging with Windows Mobile 5.0-based Devices.

If I use the Bridging mode, "Standard connections only", it works with HTTPS (SSL) but not with the Secure connection to clients and mail server.

From ISA and on the internal network, there is no problem. My problem is trying to access the OWA site externally from the internet. I can access via HTTPS only when my Bridging mode is set to Standard connections only on the ISA 2004. If I put it to the Secure connection to clients and mail server mode as suggested by the 2 guides above, I get the following error:
"
Error Code: 408. The operation timed out. The remote server did not respond within the set time allowed. The server might be unavailable at this time. Try again later or contact the server administrator. (12002)
"
Some things to note:
-My Cisco Pix is configured to forward all https traffic to my ISA 2004 server.
-Any traffic from the internal interface of Cisco Pix is allowed to go out.
-I am a newbie at configuring OWA and OMA and this is my test lab which is not working currently

Any help appreciated.

Thanks
fiji_islander Asked:
 
fiji_islander (Author) Commented:
Ok, problem solved today.

Apparently since my test lab had the ISA 2004 in a workgroup as suggested by the MS step-by-step guide, the SSL connection was broken because there was no default gateway on my Front-End OWA Exchange server which was in a test domain. Once the default gateway was put in, it worked like a beauty!

Funny the MS guide forgot to mention pointing the default gateway to the ISA 2004. They only mentioned creating a host file for the ISA 2004 to contact the front-end server but never mentioned that the front-end server should have a default gateway pointing back to ISA 2004 since the ISA is not in the domain.
 
Keith Alabaster (Enterprise Architect) Commented:
How have you installed the certificates on the OWA/OMA server and on the ISA server?
What service pack of ISA are you using?
 
fiji_islander (Author) Commented:
Yes, I have installed the certificates on the OWA/OMA front end server and the ISA server as suggested in the guides. I can even do an HTTPS connection to it from the ISA Server (in a workgroup), from the domain controller (internal LAN) or from outside (external) only if the Bridging mode is standard connections.

If the bridging mode is secure connections, the only HTTPS connections that work are from the ISA server and DC and not from the external outside connections.
 
Keith Alabaster (Enterprise Architect) Commented:
To be honest, they shouldn't have to. The default gateway entries are standard networking requirements for the base operating system; they would be nothing to do with the fact that Exchange is being used. The inclusion of a domain or workgroup is also not relevant to a default gateway setting - the only reference one would expect to be covered is that the ISA server only has one default gateway and that has to be on the external nic; the internal nic must not have a default gateway entered, just a route statement.

Keith
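An offline check of the two routing rules raised in this thread (the front-end server needs a default gateway pointing back to ISA; ISA has exactly one default gateway, on the external NIC), added here as an example and not part of any poster's reply or of the Microsoft guides. It reads rows in the column order of the Active Routes table from `route print`; the function names and every address are assumptions made up for the example.

```python
import re

# One Active Routes row: destination, netmask, gateway, interface, metric.
IP = r"\d+(?:\.\d+){3}"
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+(\S+)\s+({IP})\s+\d+\s*$")

def default_routes(route_print_text):
    """Return (gateway, interface) for every 0.0.0.0 / 0.0.0.0 row."""
    rows = (ROW.match(line) for line in route_print_text.splitlines())
    return [(m.group(3), m.group(4)) for m in rows
            if m and m.group(1) == m.group(2) == "0.0.0.0"]

def check_isa(route_print_text, external_ip):
    """ISA rule: one default gateway only, bound to the external NIC."""
    routes = default_routes(route_print_text)
    problems = []
    if not routes:
        problems.append("no default gateway")
    if len(routes) > 1:
        problems.append("more than one default gateway")
    for gateway, interface in routes:
        if interface != external_ip:
            problems.append(
                f"default gateway {gateway} is on {interface}, not the external NIC")
    return problems

def check_front_end(route_print_text, isa_internal_ip):
    """Front-end rule: a default gateway exists and points at ISA's internal IP."""
    routes = default_routes(route_print_text)
    if not routes:
        return ["no default gateway"]
    return [f"default gateway {gateway} is not the ISA internal address"
            for gateway, _ in routes if gateway != isa_internal_ip]

# Constructed samples (not captured from a real host).
ISA_OK = """0.0.0.0 0.0.0.0 192.0.2.1 192.0.2.10 10
10.0.0.0 255.255.255.0 10.0.0.1 10.0.0.1 10"""
ISA_TWO_GATEWAYS = ISA_OK + "\n0.0.0.0 0.0.0.0 10.0.0.254 10.0.0.1 10"
FRONT_END_BROKEN = "10.0.0.0 255.255.255.0 10.0.0.20 10.0.0.20 10"
FRONT_END_FIXED = FRONT_END_BROKEN + "\n0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.20 10"

if __name__ == "__main__":
    print("ISA:", check_isa(ISA_TWO_GATEWAYS, "192.0.2.10"))
    print("Front-end before fix:", check_front_end(FRONT_END_BROKEN, "10.0.0.1"))
    print("Front-end after fix:", check_front_end(FRONT_END_FIXED, "10.0.0.1"))
```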
 
Vee_Mod Commented:
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
Question has a verified solution.
