 

ISA Server and SSL reverse proxy for mobile enrollment

  • Monday, October 26, 2009 3:57 AM Ras11m
     
    Hi there Guys,

    We have got an existing ISA 2006 server with a single IP address (DMZ subnet). Is it possible to utilise the reverse proxy capabilities of this box for enrollment? Please bear in mind that this server is also used as a proxy for internal clients. If so, what would be the best way to go about it?

    I.e., can I get the external firewall to forward SSL traffic to ISA, configure the publishing rule, and open 443 from ISA to the MDM enrollment server?

    What I am trying to get to is whether or not we need dual NICs on the ISA server.

    Best Regards,

    Ras

All Replies

  • Monday, October 26, 2009 5:40 AM Wayne Phillips, MVP, Moderator
     Proposed Answer
    Ras,
    We have got an existing ISA 2006 server with a single IP address (DMZ subnet). Is it possible to utilise the reverse proxy capabilities of this box for enrollment? Please bear in mind that this server is also used as a proxy for internal clients.
    Yes
    If so, what would be the best way to go about it?
    Issue an SSL certificate from your internal CA. Create a web listener. Create a Web publishing rule.
    I.e., can I get the external firewall to forward SSL traffic to ISA, configure the publishing rule, and open 443 from ISA to the MDM enrollment server?
    Yes
    What I am trying to get to is whether or not we need dual NICs on the ISA server.
    No need for dual NICs, even if you want to use multiple IP addresses.

    Are you using the ISA server to Publish any other content?

    Cheers Wayne
    Airloom
  • Monday, October 26, 2009 5:44 AM Ras11m
     

    Thanks for that Wayne, really appreciate that mate.

    At the moment we are not, but potentially OWA will be published through the same ISA server.

    Cheers mate

    Ras

  • Monday, October 26, 2009 5:58 AM Wayne Phillips, MVP, Moderator
     

    Ras,

    If you have OWA published through ISA then you are probably going to need an SSL certificate from a third party CA. You can only bind one certificate, to one port, on one IP address. MDM requires the web listening certificate be issued by your internal CA, so you have a dilemma.
    We've not even started on Autodiscovery or ActiveSync. These also require SSL certificates. 
    Start asking your ISP for more IP addresses.


    If this is a lab, have a look at SAN certificates... but you need to be running ISA 2006 SP1.
     

    Cheers Wayne

    Airloom