Introduction
One of the main reasons to deploy an ISA Server 2004 firewall is to protect Microsoft Exchange Servers. ISA Server 2004 includes a number of technologies focused on providing enhanced support to protect Microsoft Exchange Services published to the Internet. This increased level of protection for remote access to Microsoft Exchange Server services puts the ISA Server 2004 firewall in a unique position to be the firewall for Microsoft Exchange Server.
Providing secure remote access to Microsoft Exchange Server services is a complex process. Fortunately, ISA Server 2004 includes a number of wizards that walk the firewall administrator through the process of providing secure remote access to Microsoft Exchange, simplifying the procedure.
In this ISA Server 2004 Configuration Guide document, we discuss methods you can use to provide secure remote access to the Exchange Outlook Web Access (OWA) site, the Exchange SMTP service and the Exchange POP3 service. We will assume that you have issued a Web site certificate to the OWA site, exported the certificate to a file (including the private key), and imported the Web site certificate to the ISA Server 2004 firewall’s machine certificate store. In addition, we will assume that the external client that connects to the OWA Web site through the ISA Server 2004 firewall has the CA certificate of the CA that issued the OWA site’s Web site certificate imported into its Trusted Root Certification Authorities certificate store.
•Note:
Certificate issuance and deployment is beyond the scope of this ISA Server 2004 Configuration Guide document. For detailed information on deploying Web site and root CA certificates, please refer to the ISA Server 2004 Exchange Deployment Kit.
The following walkthrough discusses basic methods used to provide remote access to the OWA, SMTP and POP3 services on the Internal network Exchange Server. In a production environment, remote access to the SMTP service would be secured using SSL and would require user authentication. Similarly, remote access to the POP3 service would also require a secure SSL connection. We limit our discussion to
In addition, a number of procedures have been effected on the Exchange Server to optimize it for secure remote access OWA connections. The first chapter of this ISA Server 2004 Configuration Guide outlines these procedures. Also, the Exchange POP3 service is disabled by default and must be manually enabled.
You will need to perform the following procedures to configure the ISA Server 2004 firewall to allow remote access connections to the Exchange Server services:
•Restore the system to its
•Create the OWA Web Publishing Rule
•Create the SMTP Server Publishing Rule
•Create the POP3 Server Publishing Rule
•Test the connection