Transcript
Page 1: Module 5: Configuring Access to Internal Resources

Module 5: Configuring Access to Internal Resources

Page 2: Module 5: Configuring Access to Internal Resources

Overview

Introduction to Publishing

Configuring Web Publishing

Configuring Secure Web Publishing

Configuring Server Publishing

Configuring ISA Server Authentication

Page 3: Module 5: Configuring Access to Internal Resources

Lesson: Introduction to Publishing

Multimedia: Using ISA Server 2004 to Enable Access to Internal Network Resources

What Are Web Publishing Rules?

What Are Server Publishing Rules?

DNS Configuration for Web and Server Publishing

Page 4: Module 5: Configuring Access to Internal Resources

Multimedia: Using ISA Server 2004 to Enable Access to Internal Network Resources

Page 5: Module 5: Configuring Access to Internal Resources

What Are Web Publishing Rules?

Web publishing rules provide the following features:

• Publish HTTP or HTTPS content

• Application-layer filtering

• Path mapping

• User authentication

• Content caching

• Publish multiple Web sites with one IP address

• Link translation

• Logging client IP address

Secure Web publishing rules enable the use of SSL to encrypt network traffic between client and server

ISA Server

Page 6: Module 5: Configuring Access to Internal Resources

What Are Server Publishing Rules?

Server publishing rules provide the following features:

• Publish content using multiple protocols

• Application layer filtering for protocols with application filters

• Support for encryption

• Logging client IP address

Server publishing rules forward requests to internal servers based on protocol and port number

ISA Server

Page 7: Module 5: Configuring Access to Internal Resources

DNS Configuration for Web and Server Publishing

Diagram labels: Internet, ISA Server, DNS Server, Perimeter Network, Internal Network, DNS Server, www.cohovineyard.com, steps 1 to 4

Page 8: Module 5: Configuring Access to Internal Resources

Practice: Configuring DNS

Applying the 3-Leg Perimeter Template

Creating the Internet DNS records

Creating the internal DNS records

Testing internal access to cohovineyard.com Web sites

Den-Web-01

Internet

Den-ISA-01

Den-DC-01

Gen-Web-01

Page 9: Module 5: Configuring Access to Internal Resources

Lesson: Configuring Web Publishing

Web Publishing Rules Configuration Components

How to Configure Path Mapping

How to Configure Web Listeners

How to Configure Link Translation

How to Configure a New Web Publishing Rule

Page 10: Module 5: Configuring Access to Internal Resources

Web Publishing Rules Configuration Components

Web publishing rules configuration:

• Action

• Name

• Users

• Traffic source

• Public name

• Web listener

• Path mappings

• Bridging

• Link Translation

Page 11: Module 5: Configuring Access to Internal Resources

How to Configure Path Mapping

Diagram labels: ISA Server, Virtual Directories, Sales, Human Resources, Online Store, http://www.cohovineyard.com/hr, http://www.cohovineyard.com/shop

Page 12: Module 5: Configuring Access to Internal Resources

How to Configure Web Listeners

Diagram labels: ISA Server, Anonymous Web listener, Authenticated Web listener, CohoVineyard Web Site (http://www.cohovineyard.com), Private Web Site (http://private.cohovineyard.com)

Page 13: Module 5: Configuring Access to Internal Resources

How to Configure Link Translation

Diagram labels: ISA Server, Translate Links, Links, http://www.cohovineyard.com

Page 14: Module 5: Configuring Access to Internal Resources

How to Configure a New Web Publishing Rule

Web Publishing Rule Wizard configuration:

Action

Published Website

Public name

Web listener

User Sets

Page 15: Module 5: Configuring Access to Internal Resources

Practice: Configuring Web Publishing

Configuring a New Web Listener

Configuring a New Web Publishing Rule

Testing the Web Publishing Rule

Den-Web-01

Internet

Den-ISA-01

Den-DC-01

Gen-Web-01

Page 16: Module 5: Configuring Access to Internal Resources

Lesson: Configuring Secure Web Publishing

What Is Secure Sockets Layer?

How to Prepare ISA Server for SSL

How SSL Bridging Works

How SSL Tunneling Works

How to Configure a New Secure Web Publishing Rule

Page 17: Module 5: Configuring Access to Internal Resources

What Is Secure Sockets Layer?

Diagram labels: Web Server, Server Authentication, Client Authentication, Encrypted SSL Connection

Page 18: Module 5: Configuring Access to Internal Resources

How to Prepare ISA Server for SSL

Diagram labels: ISA Server, www.cohovineyard.com, Den-Web-01.cohovineyard.com

Page 19: Module 5: Configuring Access to Internal Resources

How SSL Bridging Works

Diagram label: ISA Server

Page 20: Module 5: Configuring Access to Internal Resources

How SSL Tunneling Works

Diagram label: ISA Server

Page 21: Module 5: Configuring Access to Internal Resources

How to Configure a New Secure Web Publishing Rule

SSL Web Publishing Rule Wizard configuration:

Publishing Mode

Action

Bridging Mode

Published Website

Public name

Web listener

User Sets

Page 22: Module 5: Configuring Access to Internal Resources

Practice: Configuring Secure Web Publishing

Enabling Access to the Certificate Authority Web Site

Installing a Server Certificate

Configuring a New Secure Web Publishing Rule

Testing the Secure Web Publishing Rule

Den-Web-01

Internet

Den-ISA-01

Den-DC-01

Gen-Web-01

Page 23: Module 5: Configuring Access to Internal Resources

Lesson: Configuring Server Publishing

Server Publishing Configuration Options

How Server Publishing Works

How to Configure a Server Publishing Rule

How to Publish Media Services

How to Publish Microsoft SharePoint Portal Server

How to Troubleshoot Web and Server Publishing

Page 24: Module 5: Configuring Access to Internal Resources

Server Publishing Configuration Options

Server publishing rules configuration:

Action

Traffic

Traffic source

Traffic destination

Networks

Schedule

Page 25: Module 5: Configuring Access to Internal Resources

How Server Publishing Works

Diagram labels: ISA Server; CohoVineyard Media Site, mms://media.cohovineyard.com, Media Publishing Rule: Port 1755; CohoVineyard FTP Site, ftp://ftp.cohovineyard.com, FTP Publishing Rule: Port 21

Page 26: Module 5: Configuring Access to Internal Resources

How to Configure a Server Publishing Rule

Server Publishing Rule Wizard configuration:

Select server to publish

Select protocol

Select IP addresses where clients will connect

Page 27: Module 5: Configuring Access to Internal Resources

Practice: Configuring Server Publishing

Configuring a New Server Publishing Rule

Testing the Server Publishing Rule

Den-Web-01

Internet

Den-ISA-01

Den-DC-01

Gen-Web-01

Page 28: Module 5: Configuring Access to Internal Resources

How to Publish Media Services

ISA Server includes protocol definitions and application filters for:

Microsoft Media Streaming protocol (MMS)

• Uses either TCP port 80 or TCP and UDP port 1755

• Enables access for Windows Media Player client

Progressive Networks protocol (PNM)

• Also called RealNetworks Streaming Media protocol

• Uses TCP port 7070

• Enables access for RealPlayer 5.0 and earlier clients

Real Time Streaming Protocol (RTSP)

• Uses port 554 for fast access and port 80 for slower access

• Enables access to media created and read with RealSystem G2 tools

Page 29: Module 5: Configuring Access to Internal Resources

How to Publish Microsoft SharePoint Portal Server

A portal can present different types of information stored on different servers on the internal network

ISA Server can securely publish this information to the Internet using:

• Web publishing to publish the HTTP and HTTPS content using path mapping and link translation to hide the complexity of the internal network configuration

• Flexible authentication to grant only the required level of access

• Server publishing to publish services running protocols other than HTTP or HTTPS

• SSL bridging and tunneling to secure network traffic on the Internet

Page 30: Module 5: Configuring Access to Internal Resources

How to Troubleshoot Web and Server Publishing

To troubleshoot Web and server publishing issues:

• Check the resource availability

• Check the DNS records

• Check the error message

• Check which ports the ISA Server is listening on for connections

• Check the publishing rule configuration

• Check the SSL configuration and certificates

Page 31: Module 5: Configuring Access to Internal Resources

Lesson: Configuring ISA Server Authentication

How Authentication and Web Publishing Rules Work

ISA Server Web Publishing Authentication Scenarios

Using RADIUS for Authentication

How to Implement RADIUS Server for ISA Authentication

Page 32: Module 5: Configuring Access to Internal Resources

How Authentication and Web Publishing Rules Work Together

ISA Server uses authentication to grant access to publishing rules:

• When the publishing rule specifies a user set other than the All Users group

• Based on the Web listener authentication methods specified for a Web publishing or secure Web publishing rule

• By processing the firewall rules in order of priority. When a firewall rule matches, but requires authentication, ISA Server will prompt for user credentials

Page 33: Module 5: Configuring Access to Internal Resources

ISA Server Web Publishing Authentication Scenarios

• ISA Server and Web server authentication

• ISA Server authentication

• Web Server authentication

Diagram label: ISA Server

Page 34: Module 5: Configuring Access to Internal Resources

Using RADIUS for Authentication

Using RADIUS for authentication means that ISA Server can authenticate users based on their Active Directory credentials without requiring that the computer running ISA Server be a member of an Active Directory domain

Diagram labels: RADIUS Client, RADIUS Server, Domain Controller, ISA Server

Page 35: Module 5: Configuring Access to Internal Resources

How to Implement RADIUS Server for ISA Authentication

To implement RADIUS authentication:

1. Install and configure IAS to use Active Directory for authentication and configure the ISA Server as a RADIUS client

2. Configure the Active Directory user accounts or configure remote access policies to enable dial-in access

3. Configure ISA Server to use the RADIUS server and configure a Web listener to use RADIUS authentication

Page 36: Module 5: Configuring Access to Internal Resources

Lab: Configuring Access to Internal Resources

Exercise 1: Configuring ISA Server Authentication and Secure Publishing

Exercise 2: Testing the ISA Server Configuration

Den-Web-01

Internet

Den-ISA-01

Den-DC-01

Gen-Web-01

