Avatar of debbie0040

asked on 

SharePoint and ISA Server

We have an AD domain on our DMZ. We have an external-only SharePoint 2007 site that authenticates using this domain via ISA Server.

We want to bring up a SharePoint 2007 server that is accessible for internal and external users. We want to use ISA 2006. I know that we would set up the initial internal site then create and extend a web application for external users.

We want our internal users that access the new SharePoint server to use our corporate AD domain. We want our external customers/vendors to authenticate using the domain that is on the DMZ.

Any recommendations to accomplish this?
Microsoft Forefront ISA Server, Microsoft SharePoint

Avatar of cmv131

That pretty well describes how we have SP set up with ISA.

Basics are as follows:

Install & Configure SP
Extend Web App -- Use host-headers / DNS / AAM to make sure it is accessible via the URL you want
Configure FBA for your extended web application (Use the AD provider and LDAP to connect to external active directory)
Make sure you can get to both sites internally and login with your FBA users

Install ISA
Create Firewall rules for each site
Create a web listener. Tell it to use Forms Auth and LDAP as the verification method
Configure your validation servers. 1 entry for internal AD and 1 for external. Make sure your login expressions are different on both (domain\username or UPN), because that is how ISA knows where to find the user to authenticate
Allow LDAP and NETBIOS (Datagram, Name Service, & Session) through ISA
Allow single sign-on in your publishing rules if you want life to be a little bit better for people accessing multiple sites
Test from external.
If you are having problems with external access, watch the ISA monitoring option when you try to access. It will tell you what is being blocked.

In this scenario, your external users have to log in twice (kind of a pain), once in ISA and once for SharePoint's FBA. Your internal users on the outside should only have to authenticate against ISA if it is configured correctly, as it will pass the info into SP

Hope this helps a little
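
The point above about keeping the login expressions different, as an added example that is not part of the original post: a Python model (not ISA code or its API) that checks a planned list of login expressions so that each sample login maps to exactly one LDAP server set. The domain names, server set names and the `*` wildcard matching are assumptions, and overlap is treated here as a planning error.

```python
import re

# Constructed plan: login expression -> LDAP server set (all names are assumptions).
PLAN = [
    ("CORP\\*", "internal-ad"),          # domain\username form
    ("*@dmz.example.com", "dmz-ad"),     # UPN form
]

def _to_regex(expression):
    """Translate a '*' wildcard login expression to a case-insensitive regex."""
    parts = (re.escape(p) for p in expression.split("*"))
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)

def matching_sets(login, plan=PLAN):
    """Return every LDAP server set whose expression matches the login."""
    return [name for expr, name in plan if _to_regex(expr).match(login)]

def route(login, plan=PLAN):
    """Return the single server set for a login, or raise if none or ambiguous."""
    hits = matching_sets(login, plan)
    if not hits:
        raise LookupError(f"no login expression matches {login!r}")
    if len(set(hits)) > 1:
        raise ValueError(f"{login!r} is ambiguous: {hits}")
    return hits[0]

def audit(samples, plan=PLAN):
    """Map each sample login to its server set, or to an error string."""
    report = {}
    for login in samples:
        try:
            report[login] = route(login, plan)
        except (LookupError, ValueError) as exc:
            report[login] = f"ERROR: {exc}"
    return report

if __name__ == "__main__":
    # Constructed sample logins: one per directory, plus a bare username.
    samples = ["CORP\\alice", "vendor1@dmz.example.com", "bob"]
    for login, result in audit(samples).items():
        print(f"{login:28} -> {result}")
```

A bare username such as `bob` matches neither expression, which is the case to decide on before external testing.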
Avatar of debbie0040


We need to install SharePoint on our internal domain because our SQL server is part of that domain. Our SQL server is used for internal.

We want to authenticate internal users without going through ISA and have external users going through ISA and using the DMZ AD. Is this possible?

Why would FBA be required if we are going to authenticate using DMZ AD for external users?

We won't be using ISA for internal users, only external. Is that possible?

Thanks for your assistance in this.
Avatar of cmv131
Avatar of debbie0040


Thanks. You answered all my questions. You are great!!!!
Avatar of Keith Alabaster
Nice solution. Never had an ISA installation with AD installed on it in a DMZ area - probably as I have never thought of doing it that way. Neat.
