2. Have your ISP, or whoever hosts your public DNS, create the proper Host
Records for each Site's FQDN to the correct Public IP#
3. Configure Split-DNS on the LAN's AD/DC/DNS so that the same FQDNs resolve
*directly* to the actual Private IP# of the Web Server(s),...not the Public
IP#. You can run multiple Sites in IIS on the same IP# and Port# by
distinguishing the sites via HostHeaders.
4. Acquire a Certificate for each Site and install it on the Web Server(s).
Then, on the *web server(s)*,...via the Certificates MMC export the
Certificate out to a PFX file that includes the Private Key. Copy the
files of these Certs to the ISA machine and import them into the machine's
Certificate Store via the Certificates MMC.
5. Create a separate Publishing Rule on the ISA for each Site. Because
ISA2006 allows one Listener to have multiple Certs and multiple IP#s, it is
usually possible to re-use the same Listener for each Publishing Rule.
6. In the Publishing Rules *always* use the Public FQDN to identify the
Site,...do this everywhere the Rule asks for the Site. *Never* be tempted
to use the IP# or the Netbios Name or Internal AD DNS Name for the site.
Always use the Public FQDN,...period. There is more than one place in the
Rule that this will occur.
This should be enough information that you can tell ISA to create a new Web
Server Publishing Rule,...specify that it is a "secured" site,...and follow
the wizard prompts from there.
It is difficult to give one simple URL to an article for this because of
variances in different situations. It is usually a confusing mess to try to
do so.
But at your own *risk*,...here are a few links,...they may,..*or may
not*,...be relevant to you,...I fear you will be misled or confused by
them.
Since OWA is nothing more than an SSL Site,..all these links focus on it.
ISA2004 must use separate Listeners,...*not* true for ISA2006,...don't let
the articles mislead you.
Publishing Exchange 2007 OWA, Exchange ActiveSync and RPC/HTTP using the
2006 ISA Firewall
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part1.html
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part2.html
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part3.html
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part4.html
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part5.html
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part6.html
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part7.html
Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006
Enterprise Edition Firewalls using Forms-based Authentication (Single Member
Array without NLB)
http://www.isaserver.org/tutorials/Publishing-Outlook-Web-Access-Outlook-RPCHTTP-ISA-Server-2006-Firewalls-Forms-based-Authentication.html
Publishing OWA and Outlook RPC/HTTP with ISA Server 2006 EE Firewalls using
Forms-based Authentication (Single Member Array without NLB): Part 2: DNS
and Certificate Deployment Issues
http://www.isaserver.org/tutorials/Publishing-Outlook-Web-Access-Outlook-RPCHTTP-ISA-Server-2006-Firewalls-Forms-based-Authentication-Part2.html
Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006
Enterprise Edition (RC) Firewalls using Forms-based Authentication (Single
Member Array without NLB) – Part 3: Deploying Certificates and Creating the
Web Publishing Rules
http://www.isaserver.org/tutorials/Publishing-Outlook-Web-Access-Outlook-RPCHTTP-ISA-Server-2006-Firewalls-Forms-based-Authentication-Part3.html
Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006
Enterprise Edition (RC) Firewalls using Forms-based Authentication (Single
Member Array without NLB) – Part 4 Creating the Web Publishing Rules and
Testing the Configuration
http://www.isaserver.org/tutorials/Publishing-Outlook-Web-Access-Outlook-RPCHTTP-ISA-Server-2006-Firewalls-Forms-based-Authentication-Part4.html
Publishing OWA Sites using ISA Firewall Web Publishing Rules (2004) Version
1.1
http://www.isaserver.org/articles/2004pubowartm.html
Publishing Multiple Web Sites using a Wildcard Certificate in ISA Server
2004
http://www.isaserver.org/tutorials/2004wildcardcert.html
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
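A pre-flight check for steps 3, 4 and 6 of the post above, as an added example that is not part of the original post or of any ISA tooling. It assumes PowerShell 2.0 or later on the ISA machine; the FQDNs are constructed placeholders and both function names are hypothetical helpers.

```powershell
# Added example. Run on the ISA machine before creating the Publishing Rules.
# Constructed placeholder FQDNs; replace with the public FQDNs of your sites.
$SiteFqdns = @('www.example.com', 'mail.example.com')

function Test-PrivateIPv4 {
    param([System.Net.IPAddress]$Address)
    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    $b = $Address.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Test-CertNameMatch {
    param([string]$CertName, [string]$Fqdn)
    if ($CertName -ieq $Fqdn) { return $true }
    # Wildcard cert: *.example.com covers exactly one leading label
    if ($CertName.StartsWith('*.')) {
        $suffix = $CertName.Substring(1)      # ".example.com"
        $dot = $Fqdn.IndexOf('.')
        return ($dot -gt 0) -and ($Fqdn.Substring($dot) -ieq $suffix)
    }
    return $false
}

$simpleName   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$machineCerts = Get-ChildItem Cert:\LocalMachine\My

foreach ($fqdn in $SiteFqdns) {
    # Step 3: on the LAN the public FQDN must resolve only to private IPs
    try { $ips = [System.Net.Dns]::GetHostAddresses($fqdn) } catch { $ips = @() }
    $splitDnsOk = ($ips.Count -gt 0)
    foreach ($ip in $ips) { if (-not (Test-PrivateIPv4 $ip)) { $splitDnsOk = $false } }

    # Steps 4 and 6: an unexpired cert whose name is the public FQDN,
    # imported into the machine store together with its private key
    $certOk = $false
    foreach ($c in $machineCerts) {
        $cn = $c.GetNameInfo($simpleName, $false)
        if ((Test-CertNameMatch $cn $fqdn) -and $c.HasPrivateKey -and
            ($c.NotAfter -gt (Get-Date))) { $certOk = $true }
    }
    "{0,-25} split-DNS private: {1,-5} cert with key: {2}" -f $fqdn, $splitDnsOk, $certOk
}
```

A `False` in the last column usually means the PFX was exported without the private key or imported into a user store instead of the machine store.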
"Phillip Windell" wrote:
> .
>
Then you get a gazillion HTTP sites,...and *one* HTTPS Site.
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------