Problems accessing internal network through ISA 2004 to work

[lesj1968]

Hi

I have just set up ISA 2004 to work with a Cisco PIX. My ISA machine sits between the PIX and my internal network. The ISA machine has two NICs. The external ISA NIC communicates with the PIX and the internal NIC on the ISA faces the internal network.

The default gateway on the internal ISA NIC has been left blank. The default gateway on the external ISA NIC uses the internal ip address of the PIX. The PIX has been set up and works.

We have internal web server on the network which holds a staff intranet on the IIS on this machine. The default gateway on the NIC on the internal web server uses the internal NIC ip of the ISA machine. My aim is to get staff on the outside to be able to log in (using integrated windows authentication) to the network and access this internal web server. However up to now I keep getting a page cannot be displayed error when I test accessing the internal web server from an external site.

I have set up the web publishing rule (which includes the listener) to check for all external incoming HTTP requests on port 80. I have also set up a rule which allows outbound HTTP requests so staff can access the internet from within the network.

My operating system on the ISA machine is Windows 2003. I have checked all security options on the IIS on the internal web server and there is nothing which should prevent access. All access has been set up as integrated Windows authentication. I do NOT wish to use any other type of authentication.

Please can anyone tell me what I am missing and what might need checking so I can get this set up to work with ISA 2004?

Thank you very much for any help.

Les

 

[lesj1968]

Please can anyone assist me?

Thanks in advance.

Les

 

[coco10]

hi check this

http://isaserver.org/articles/2004ignoreserverpub.html

coco10

 

[lesj1968]

Hi

Thank you for your help. I have managed to configure ISA so it works and our internal web server can be accessed externally. It works brilliantly. I have also configured access to our internal mail server so users can access Outlook Web Access and another internal server.

I now wish to make it totally secure and use basic authentication WITH integrated windows authentication WITH an SSL certificate. My question is do I need a separate SSL certificate for each internal server or just one, which will be saved in a network place - where would it be saved? I have looked at Thawte and Verisign - are these good companies to get an SSL certificate from?

Thank you for any help.

Les

 

[coco10]

hi, its glad to know you can solve your problems

check this for ssl and certificates things

in advance thawte and Verisig are ok.

http://isaserver.org/articles/exportsslcert.html

http://isaserver.org/articles/2004sslisafirewallpart1.html

http://isaserver.org/articles/2004isassl.html

http://isaserver.org/tutorials/2004owa2.html

for completment you need to reed how to enabled ssl comunication in the IIS and Exchange. But its in other forumn from the ISA check the links

hope its helps
coco10

 

[lesj1968]

Thank you for your reply. Please can you tell me how many certificates I will need to purchase? Do I just have one which I will only keep on the ISA machine and no where else?