asked on 7/24/2008

SharePoint and ISA Server

We have a AD domain on our DMZ. We have an external only SharePoint 2007 site that authenicates uisng this domain via ISA Server.

We want to bring up a SharePoint 2007 server that is accessible for internal and external users. We want to use ISA 2006. I know that we would set up the initial internal site then create and extend a web application for external users.

We want our internal users that access the new SharePoint server to use our corporate AD domain. We want our external customers/vendors to authenicate using the domain that is on the DMZ.

Any recommendations to accomplish this?

Microsoft Forefront ISA Server Microsoft SharePoint

Last Comment

Keith Alabaster

7/24/2008

cmv131

7/24/2008

That pretty well describes how we have SP set up with ISA.

Basics are as follows:

Install & Configure SP
Extend Web App -- Use host-headers / DNS / AAM to make sure it is accessible via the URL you want
Configure FBA for your extended web application (Use the AD provider and LDAP to connect to external active directory)
Make sure you can get to both sites internally and login with your FBA users

Install ISA
Create Firewall rules for each site
Create a web listener. Tell it to use Forms Auth and LDAP as the verification method
Configure your validation servers. 1 entry for internal AD and 1 for external. Make sure your login expressions are different on both (domain\username or UPN), because that is how ISA knows where to find the user to authenticate
Allow LDAP and NETBIOS (Diagram, Name Service, & Session) through ISA
Allow signal signon in your publishing rules if you want life to be a little bit better for people accessing multiple sites
Test from external.
If you are having problems with external access, watch the ISA monitoring option when you try to access. It will tell you what is being blocked.

In this senario, your external users have to log in twice (kind of a pain), once in ISA and once for SharePoint's FBA. Your internal users on the outside should only have to authenticate against ISA if it is configured correctly, as it will pass the info into SP

Hope this helps a little

debbie0040

7/24/2008

ASKER

We need to install SharePoint on our internal domain because our SQL server is part of that domain. Our SQL server is used for internal.

We want to authenicate internal user without going through ISA and have external users going through ISA and using the DMZ AD. Is this possible?

Why would FBA be required if we are go ing to authenicate using dmz AD for external users?

We won't be uisng ISA for internal users only external. Is that possible?

Thanks for your assitance in this.

ASKER CERTIFIED SOLUTION

cmv131

7/24/2008

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

debbie0040

7/24/2008

ASKER

Thanks You answered all my questions . You are great!!!!

Keith Alabaster

7/24/2008

Nice solution. Never had an ISA installation with AD installed on it in a dmz area - probably as I have never thought of doing it that way. neat

Keith
ISA MVP