how do i setup acces to EXCHANGE 2007 CAS through isa 2006 reverse proxy

Im missing something basic Im sure: -  I have CAS exchange 2007 setup - users can get to their 2003 exch mailbox ok using this  going to https://servername/exchange. I cant or at least dont know how to get access from outside/internet to this location - with isa 2006 reverse proxy. All ports open through firewall  - my main gripe at the minute is what do i substitute  this (https://servername/exchange) with on the ISA server Exchange web client access rule - To Tab in area (this rule applies to this published site:) from the doco Ive read it says "put in what users type into a browser to get to their webmail" - but i cant put in https://servername/exchange - so im lost and feeling stupid :)  - how do i create a url or host i h\guess that does point to https://servername/exchange?  - thats the part im missing - so its either an IIS or DNS thing I guess.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Stephen CroftTechnical ArchitectCommented:
Morning Fella, for Exchange 2007 for Exchange 2003.

Basically you need to let ISA deal with the logon, and back-end authenticate to your CAS servers. Both links are pretty in-depth and should cover anything you need :)
philb19Author Commented:
thanks allot to read there - I was hoping for quick explanation of going from https://servername/exchange    to    say - and how i would do this (hopefully simply)step by step -

thanks again will try and get through article
Stephen CroftTechnical ArchitectCommented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

philb19Author Commented:
very interesting thanks - might need to give you points - thing is i was  trying to setting up with a unihomed single nic ISA 2006 - in a workgroup in the DMZ - this article recommennds 2 nics - and to join ISA 2006 to the domain - seems insecure - but ill need to read his articles - is this the way you have set it up - ie - by joining the isa to the domain?
Stephen CroftTechnical ArchitectCommented:
AD joining isn't that bad, as you should have a decent firewall in front of your DMZ anyway ;)

As for single nic / dual nic, I would reassess your plan and implement dual nics. In fact you will have to open up your DMZ sufficiently enough for you to be able to talk to Exchange / AD back end.

Other way of doing this is to setup a website as a simple reverse proxy for OWA, and not a "OWA Virtual Proxy". Disable IAS authentication and it should be able to present directly the OWA. Personally not  the best way to do it, but it works.
philb19Author Commented:
great thanks - 1 thing I would like answered is in regard to dns - sorry for basic question - so the user on internet types in URL for webmail - say - the DNS entry for this i create should point to the ISA server in the DMZ correct ? - and from here the ISA then talks to the exchange CAS server in internal LAN - then exchange passes traffic through the ISA proxy and back to client -  Am I correct with this?

Im just a bit confused with what host record i put in dns - and How isa knows to apply the exchange pub rule ?? thanks again
Stephen CroftTechnical ArchitectCommented:
your A record for the subdomain required should be pointed at your WAN IP that Nat's through to your DMZ (or your DMZ address if it is a "live Internet IP"
philb19Author Commented:
Yes thats what i feared was the case - thanks. Does that mean that ALL traffic coming into our LAN will  then NAT to the ISA (DMZ interface - it is public)  -- therefore ALL traffic will go through the ISA - meaning I will need to have the correct rules to allow traffic to pass to reach say our smtp server - web server etc?
Stephen CroftTechnical ArchitectCommented:
That depends. Do you have a router/firewall in front of your ISA?
philb19Author Commented:
yes the PIX   - the isa is just 1 of 12 servers in dmz
Stephen CroftTechnical ArchitectCommented:
Then you want to forward web traffic onto your ISA via your PIX. Other traffic can still NAT elsewhere :)
philb19Author Commented:
all good dns to the isa interface - no need for any NAT - despite doco saying to do - all working without NAT - thanks for help - its important to have permissions on virtual dirs correct - all the patchs fro publishing webmail - as well as use template for single interface on an isa
Stephen CroftTechnical ArchitectCommented:
fab thanks fro the points!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.