carlnys

ISA 2006 SSL Encryption

Quick question, can you encrypt traffic to and from the internet on an ISA 2006 box using SSL without configuring SSL on any of the internal sites?

Or would you need to set up both http and https to enable both encrypted and unencrypted traffic. I am struggling to understand what my manager requires.

I have been told that he doesn't want SSL set up on any of the IIS servers, only the ISA box, and wants external traffic encrypted only. I don't know the model I need to be investigating.

Please advise.
OriNetworks

Internally you can use HTTP and externally use HTTPS with SSL but in order to do this, IIS would need to be configured with both. You can tell ISA to only accept SSL connections from the internet by using the wizard to deploy the web server.
Don't change anything.
When you run your publishing rule you can select bridging which will make the ISA listen for external requests on port 443 and these can then be forwarded on port 80 to the internal site.

Two things to bear in mind.
One - the ISA will need a certificate.
Two - ISA can only listen on one IP address for each port 443 (publishing) rule you set up.

Keith
ISA MVP
carlnys

ASKER

Hi Keith,

When I select Bridging and SSL 443, I hit two problems: 1) without the certificate option, I get SSL authentication errors; 2) if I select it, I can't see my cert even though I can see it in the web listener SSL cert section.

If I don't bridge https it works; if I do, it fails. Currently I can get anonymous authentication to the https://domain/application and to both http and https for internal traffic via http/s://server/application. I can live without http://domain/application but would still love to know why it fails when https is enabled. No redirection of http to https is enabled currently.

The server is a development server and the devs want to be able to access it by all of the methods listed above. If it helps, the certificate is a selfssl.exe generated .pfx; the CN= is the domain, i.e. xx.xxxx.com.au.

Any thoughts would be appreciated.

Carl

ISA Newbie 8^)
SOLUTION
Keith Alabaster
carlnys

ASKER

Thank you