quippee

asked on

ISA owa proxy internal users

Ok, we have set up OWA publishing with ISA 2006. When an external user goes to owa.domain.com it goes to our ISA and then ISA goes to the internal site, let's call it webmail1. ISA has an entry in its hosts file for owa.domain.com to go to the internal IP of the mail server. The problem comes when internal users try to go to owa.domain.com; they are using the ISA as their proxy. So since it's an internal IP and ISA is also pointing to the internal IP of webmail1, the users don't get the form-based log in; they get a pop-up to log in.

The solution, I would think, is to enable form authentication on the mail server, but then ISA doesn't work when that's enabled.

Thanks
Keith Alabaster

Nope - the problem is likely that your DNS is returning the external IP address of ISA as the IP address needed to get to OWA whereas, when inside, you need the internal IP address of the OWA box. If you have published the OWA server to listen on both the ISA internal and external interfaces, then this is the IP address that needs to be used.

You can test this by doing an nslookup of owa.domain.com from a client workstation - what IP address does it return, internal or external?

You have a couple of options.

1. If you have done the sensible thing, and used a different DNS system for internal than the one you have used for external, then it's easy. You simply create a new DNS zone on your internal servers that matches your external domain.com and create an A record for OWA that points to either the OWA box directly (internal IP) or uses the ISA internal NIC IP (internal IP).

2. If you have done the horrible, i.e. your internal DNS and your external DNS are both yourdomain.com, then you are somewhat stuffed. As you will not be able to create an internal and external A record in the zone called OWA with different IP addresses - it won't like it. In this case you will likely want to use something like the hosts file to put an entry in for OWA and give the internal IP address required.
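
An offline sketch of the check described above, added here as an example and not part of the original answer: it compares a hosts-file override with the address nslookup returned and labels each as internal or external. The sample hosts content, the addresses and the function names are constructed for illustration; note that nslookup queries DNS directly and does not read the hosts file, so the two can disagree on the same machine.

```python
import ipaddress

# Constructed sample hosts file (placeholder addresses, not from the thread).
SAMPLE_HOSTS = """\
# constructed example
127.0.0.1   localhost
10.0.0.25   owa.domain.com   webmail1   # internal mail server
"""

# Explicit RFC 1918 ranges; ipaddress.is_private would also flag
# documentation ranges such as 203.0.113.0/24, which is not wanted here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def hosts_override(hosts_text, name):
    """Return the IP the hosts file maps `name` to, or None if absent."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]
    return None


def classify(ip):
    """Label an IPv4 address as 'internal' (RFC 1918) or 'external'."""
    addr = ipaddress.ip_address(ip)
    return "internal" if any(addr in net for net in RFC1918) else "external"


def resolution_report(name, hosts_text, dns_answers):
    """Show which address wins on this machine: a hosts entry beats DNS."""
    override = hosts_override(hosts_text, name)
    effective = [override] if override else list(dns_answers)
    return {
        "source": "hosts" if override else "dns",
        "addresses": [(ip, classify(ip)) for ip in effective],
    }


if __name__ == "__main__":
    # dns_answers stands in for what nslookup printed (constructed value).
    print(resolution_report("owa.domain.com", SAMPLE_HOSTS, ["203.0.113.10"]))
    print(resolution_report("owa.domain.com", "", ["203.0.113.10"]))
```

Run it on the proxy server as well as on a client workstation, passing each machine's own hosts file content and nslookup result, to see where the two views of owa.domain.com differ.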
quippee

ASKER

Hmm...

Ok, that makes sense but seems to be a different setup than I have...

I have a mail server with regular OWA access, meaning you get a popup. Then ISA is publishing OWA using an external IP and using form authentication.

The clients use ISA as the proxy, so when they hit owa.domain.com they don't access their DNS; ISA does the resolution for them. And ISA as a server points owa.domain.com to the internal IP of the mail server that has the pop-up log in.

When I was setting up OWA, it was stated in the guide that ISA needs to resolve owa.domain.com to the internal IP address.

So even if I use a hosts file it still doesn't work, because ISA, when responding to a proxy request for owa.domain.com, will take them to the internal IP.

Did that help? lol I hope so, so you can help me :)
ASKER CERTIFIED SOLUTION
Keith Alabaster
This solution is only available to members.
quippee

ASKER

Yes, I got it to work. What I did is to delete the hosts file entry in ISA that pointed owa.domain.com to the internal IP of the mail server. So now everything points to the outside address and it's working fine. I forgot to mention that this is a single NIC setup for ISA.

What was happening before was that on the ISA server I was trying to go to owa.domain.com and it kept taking me to the internal site, so like I said I changed the entry in DNS to point to the outside. Our internal and external is the same name... domain.com. In the OWA publishing rule where it says TO, I have the name of the mail server and its IP. I used to have the name of the server and owa.domain.com.

Hope this helps anyone, and also thanks for the input, Keith.


Welcome :)