Solved

How do I set up access to Exchange 2007 CAS through ISA 2006 reverse proxy

Posted on 2008-11-11
Last Modified: 2012-05-05
I'm missing something basic, I'm sure: I have CAS Exchange 2007 set up - users can get to their 2003 Exchange mailbox OK using this, going to https://servername/exchange. I can't, or at least don't know how to, get access from outside/internet to this location with ISA 2006 reverse proxy. All ports are open through the firewall. My main gripe at the minute is what do I substitute this (https://servername/exchange) with on the ISA server Exchange web client access rule - To tab, in the area (This rule applies to this published site:). From the doco I've read it says "put in what users type into a browser to get to their webmail" - but I can't put in https://servername/exchange - so I'm lost and feeling stupid :) How do I create a URL or host, I guess, that does point to https://servername/exchange? That's the part I'm missing - so it's either an IIS or DNS thing, I guess.
Question by:philb19
13 Comments
 

Expert Comment

by:Stephen Croft
ID: 22937229
Morning Fella,

http://technet.microsoft.com/en-us/library/bb794751.aspx for Exchange 2007

http://technet.microsoft.com/en-us/library/bb794845.aspx for Exchange 2003.

Basically you need to let ISA deal with the logon, and back-end authenticate to your CAS servers. Both links are pretty in-depth and should cover anything you need :)

Author Comment

by:philb19
ID: 22937275
Thanks, a lot to read there - I was hoping for a quick explanation of going from https://servername/exchange to, say, https://mail.contoso.com/exchange - and how I would do this (hopefully simply) step by step.

Thanks again, will try and get through the article.

Accepted Solution

by:
Stephen Croft earned 2000 total points
ID: 22937895

Author Comment

by:philb19
ID: 22938298
Very interesting, thanks - might need to give you points. Thing is, I was trying to set this up with a unihomed single-NIC ISA 2006, in a workgroup in the DMZ - this article recommends 2 NICs and joining ISA 2006 to the domain - seems insecure - but I'll need to read his articles. Is this the way you have set it up, i.e. by joining the ISA to the domain?

Expert Comment

by:Stephen Croft
ID: 22938322
AD joining isn't that bad, as you should have a decent firewall in front of your DMZ anyway ;)

As for single nic / dual nic, I would reassess your plan and implement dual nics. In fact you will have to open up your DMZ sufficiently enough for you to be able to talk to Exchange / AD back end.

The other way of doing this is to set up a website as a simple reverse proxy for OWA, and not an "OWA Virtual Proxy". Disable IAS authentication and it should be able to present the OWA directly. Personally, not the best way to do it, but it works.

Author Comment

by:philb19
ID: 22938864
Great, thanks - 1 thing I would like answered is in regard to DNS - sorry for the basic question - so the user on the internet types in the URL for webmail - say webmail.organization.com.au - the DNS entry for this that I create should point to the ISA server in the DMZ, correct? - and from here the ISA then talks to the Exchange CAS server in the internal LAN - then Exchange passes traffic through the ISA proxy and back to the client - am I correct with this?

I'm just a bit confused with what host record I put in DNS - and how ISA knows to apply the Exchange pub rule?? Thanks again.

Expert Comment

by:Stephen Croft
ID: 22938909
Your A record for the subdomain required should be pointed at your WAN IP that NATs through to your DMZ (or your DMZ address if it is a "live Internet IP").

Author Comment

by:philb19
ID: 22946245
Yes, that's what I feared was the case - thanks. Does that mean that ALL traffic coming into our LAN will then NAT to the ISA (DMZ interface - it is public) - therefore ALL traffic will go through the ISA - meaning I will need to have the correct rules to allow traffic to pass to reach, say, our SMTP server, web server, etc.?

Expert Comment

by:Stephen Croft
ID: 22948144
That depends. Do you have a router/firewall in front of your ISA?

Author Comment

by:philb19
ID: 22956340
Yes, the PIX - the ISA is just 1 of 12 servers in the DMZ.

Expert Comment

by:Stephen Croft
ID: 22958117
Then you want to forward web traffic onto your ISA via your PIX. Other traffic can still NAT elsewhere :)

Author Comment

by:philb19
ID: 22992175
All good - DNS to the ISA interface - no need for any NAT, despite doco saying to do so - all working without NAT - thanks for the help. It's important to have permissions on virtual dirs correct, all the patches for publishing webmail, as well as to use the template for single interface on an ISA.

Expert Comment

by:Stephen Croft
ID: 22992621
Fab, thanks for the points!