Module 7: Configuring Access to Internal Resources
Overview
Introduction to Publishing
Configuring Web Publishing
Configuring Server Publishing
Adding an H.323 Gatekeeper
Introduction to Publishing
Publishing Overview
Publishing Servers on a Perimeter Network
Guidelines for Using Publishing and Routing
Publishing Rules Overview
Publishing Overview
[Diagram labels: Internet; www.nwtraders.msft; 131.107.3.1; External Adapter; Internal Adapter; 192.168.9.1; Web Server; Internal Network]
Publishing Servers on a Back-to-Back Perimeter Network
[Diagram labels: Internet; ISA Server; LAT Perimeter Network; Perimeter Network; Web Server; SQL Server; ISA Server; LAT Internal Network; Internal Network]
Guidelines for Using Publishing and Routing
If your network | Then use
Does not have a perimeter network | Server publishing
Has a back-to-back perimeter network configuration | Server publishing on both ISA Server computers
Has a three-homed perimeter network configuration | Routing and packet filtering between the Internet and perimeter network; server publishing between the internal and perimeter networks
Publishing Rules Overview
Web Publishing Rules
Server Publishing Rules
Publishing a server
Publishing a mail server
Rules Available for Each Mode
Configuring Web Publishing
Publishing a Web Server
Configuring Listeners for Incoming Web Requests
Redirecting Requests to Other Ports
Establishing Secure Communication
Configuring SSL Bridging
Requiring a Secure Channel
Publishing a Web Server
[Diagram labels: Internet; ISA Server; Internal Network; www.nwtraders.msft/africa; africa.internal.nwtraders.msft; Africa; www.nwtraders.msft/europe; europe.internal.nwtraders.msft; Europe]
Configuring Listeners for Incoming Web Requests
[Screenshot: LONDON Properties dialog box with the Add/Edit Listeners dialog box]
LONDON Properties
Tabs: General, Outgoing Web Requests, Incoming Web Requests, Security, Performance, Auto Discovery
Identification
Use the same listener configuration for all internal IP addresses.
Configure listeners individually per IP address
Server | IP Address | Display N… | Authentic… | Server C…
PHOENIX | <All internal | | Integrated |
Buttons: Add…, Remove, Edit…
Enable SSL listeners
TCP port: 80
SSL port: 443
Connections
Connection settings: Configure…
Ask unauthenticated users for identification
Add/Edit Listeners
Server: LONDON
IP Address: 131.107.3.1
Display Name: PartnerWeb
Use a server certificate to authenticate to web clients (Select…)
Authentication
Basic with this domain: (Select domain…)
Digest with this domain: (Select domain…)
Integrated
Client certificate (secure channel only)
Redirecting Requests to Other Ports
[Screenshot: PartnerWeb Properties dialog box]
Tabs: General, Destinations, Action, Applies To, Bridging
Use this page to specify whether the request should be discarded or redirected, and configure the hosted site to which this rule redirects.
Discard the request.
Redirect the request to this internal Web server (name or IP address): London (Browse…)
Send the original host header to the publishing server instead of the actual one (specified above).
Connect to this port when bridging request as HTTP: 80
Connect to this port when bridging request as SSL: 443
Connect to this port when bridging request as FTP: 21
Callouts:
Type the IP address or DNS name of the published server.
Define ports this rule redirects to
Establishing Secure Communication
[Screenshot: Select Certificate dialog box and Add/Edit Listeners dialog box]
Select Certificate
Select a certificate from the list of certificates available on the specified server:
Certificates:
Issued To | Issued By | Expiration Date | Friendly Name
vancouver.nam… | Northwind Tra… | 10/12/2002 | Partner Web…
vancouver.nam… | Northwind Tra… | 10/12/2002 | Public Web Site
Add/Edit Listeners
Server: LONDON
IP Address: 131.107.3.1
Display Name: Partner Web
Use a server certificate to authenticate to web clients (Select…)
Authentication
Basic with this domain: (Select domain…)
Digest with this domain: (Select domain…)
Integrated
Client certificate (secure channel only)
Configuring SSL Bridging
[Screenshot: PartnerWeb Properties dialog box]
Tabs: General, Destinations, Action, Applies To, Bridging
Redirect HTTP requests as:
HTTP requests
SSL requests (establish a secure channel to the site)
FTP requests
Redirect SSL requests as:
HTTP requests (terminate the secure channel at the proxy)
SSL requests (establish a secure channel to the site)
FTP requests
Require secure channel (SSL) for published site
Require 128-bit encryption
Use a certificate to authenticate to the SSL Web server (Select…)
Callouts:
Select to authenticate the ISA Server by using a certificate.
Select to redirect SSL requests as HTTP requests.
Requiring a Secure Channel
[Screenshot: PartnerWeb Properties dialog box]
Tabs: General, Destinations, Action, Applies To, Bridging
Redirect HTTP requests as:
HTTP requests
SSL requests (establish a secure channel to the site)
FTP requests
Redirect SSL requests as:
HTTP requests (terminate the secure channel at the proxy)
SSL requests (establish a secure channel to the site)
FTP requests
Require secure channel (SSL) for published site
Require 128-bit encryption
Use a certificate to authenticate to the SSL Web server (Select…)
Callouts:
Select for a higher level of security.
Select to require a secure channel for Web requests.
Configuring Server Publishing
Publishing a Server
Publishing a Mail Server
Configuring the Message Screener
Publishing a Server
Start
Name the Rule
Specify Address Mapping
Select a Protocol Setting
Select a Client Type
Finish
Publishing a Mail Server
[Screenshot: Mail Server Security Wizard, Mail Services Selection page]
Mail Services Selection
Select the mail services that you would like to publish to your external users
Publish these mail services: (columns: Default Authentication, SSL Authentication)
Incoming SMTP
Apply content filtering
Outgoing SMTP
Incoming Microsoft Exchange/Outlook
Incoming POP3
Incoming IMAP4
Incoming NNTP
Buttons: < Back, Next >, Cancel
Callout:
Select to apply content filtering to incoming SMTP traffic.
Configuring the Message Screener
Running the Message Screener on the ISA Server Computer
Running the Message Screener on a Separate Computer
Adding an H.323 Gatekeeper
H.323 Overview
How the H.323 Gatekeeper Works
Adding and Configuring an H.323 Gatekeeper
H.323 Overview
[Diagram labels: Internet; H.323 Gateway; H.323 Gateway; Client; Client]
The H.323 standard defines:
How connections are established
How two devices initiate communications with each other
How data is transmitted over a network
How audio and video codec components encode and decode input/output
How the H.323 Gatekeeper Works
[Diagram labels: DNS; Origination Endpoint; Destination Endpoint; Internet; SRV_Q931_tcp.contoso.msft 24.0.0.10; SRV_Q931_tcp.nwtraders.msft 136.0.0.1; ISA H.323 Gateway 136.0.0.1; Gatekeeper 24.0.0.10; 192.168.0.10]
[Steps 1 to 4 are marked on the diagram. Captions: "NetMeeting queries DNS to find Gatekeeper"; "Returns IP address to John’s computer"]
Adding and Configuring an H.323 Gatekeeper
[Screenshot: ISA Management console with the Add Gatekeeper dialog box]
ISA Management
Menus: Action, View
Console tree: celeration Server; Monitoring; Server; Access Policy; Publishing; Bandwidth Rules; Policy Elements; Cache Configuration; Monitoring Configuration; Extensions; Application Filters; Web Filters; Network Configuration; Client Configuration; H323 Gatekeepers
Gatekeeper | Status | Description
LONDON | Normal |
Shortcut menu: Add gatekeeper…, View, Help
Add Gatekeeper
Select a computer running H.323 Gatekeeper that you want to add
Gatekeeper computer:
This computer
Another computer
Buttons: OK, Cancel
Lab A: Configuring Access to Internal Resources
Review
Introduction to Publishing
Configuring Web Publishing
Configuring Server Publishing
Adding an H.323 Gatekeeper