ISA 2006 Single Network Adapter Configuration and Publishing Mail Server

All replies

  • I have the same basic question as well. I am looking to implement Outlook RPC over HTTP as well as other SSL published apps. ISA is running behind an appliance-based firewall at this time. It appears all of the documentation assumes ISA is running as your main firewall. Do I need to open up ports on our current firewall to pass to ISA directly?
    Jason
    Wednesday, February 18, 2009 1:29 PM
  • I was able to find the answer after I ran the ISA Best Practices Tool. According to it, server publishing is not supported in a single network adapter scenario.

    Jason, publishing Exchange web client access is supported in a single NIC config. I've got OWA and ActiveSync working. Outlook RPC is one of the options in the "publish exchange web client access" wizard, so that will work for you. You do need to open up the correct ports on your main firewall to your ISA machine for it to work, though.

    Kirn
    • Marked as answer by KIRN0 Wednesday, February 18, 2009 7:21 PM
    Wednesday, February 18, 2009 7:20 PM
  • Hello Kirno,

    Thanks for responding to my post. Did you add your ISA box to the internal domain as well? Can you select the same SSL certificate that is being used for OWA? Thanks for your time always.
    Jason
    Thursday, February 19, 2009 2:27 PM
  • Looks like this describes how to publish Exchange with a single NIC on ISA 2006:

    http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/publishing-exchange-client-access-isa-2006-complete-solution-part1.html

    But the BPA and this link here say it's not possible.  Strange.



    Mike Crowley
    Check out My Blog!

    Thursday, July 22, 2010 8:32 PM
  • This article says it's supported! 

    http://support.microsoft.com/kb/838364

    I'm taking the answer I like better, but it's this article vs. the BPA and the above-mentioned link...



    Mike Crowley
    Check out My Blog!

    Friday, July 23, 2010 12:29 AM
  • Web publishing (which covers Exchange web services like OWA/EAS/OA) are all supported with a single NIC. Server publishing (for protocols like SMTP) requires at least two NICs.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Friday, July 23, 2010 7:37 AM
  • Thanks for commenting!  I was hoping to use TMG as a TMG/FPE/ExchangeEdge server all-in-one.  The Exchange Edge Transport components DO have internal / external server definitions under "email policy".  Is this the same as the unsupported "smtp publishing" you mention above?

    Also, what about IMAP / POP publishing?



    Mike Crowley
    Check out My Blog!

    Friday, July 23, 2010 2:14 PM
  • Hi Mike,

    IMAP/POP3/SMTP publishing are not supported with single NIC as they all require server publishing.

    However with an Exchange Edge installed on TMG itself, it must be supported to allow inbound and outbound SMTP, but this will be using standard access rules and not publishing rules.

    The use of Exchange Edge on single NIC is not mentioned here either way: http://technet.microsoft.com/en-us/library/ee191507.aspx

    This too; http://social.technet.microsoft.com/Forums/en/Forefrontedgegeneral/thread/1feecea2-d62d-43c1-8f74-8615ea498bfc

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Friday, July 23, 2010 3:24 PM
  • Understood.  I also had an IMAP publishing rule, which is why BPA must have triggered the warning.  Thanks for your support!



    Mike Crowley
    Check out My Blog!

    Friday, July 23, 2010 4:59 PM
  • As mentioned above, my TMG server has a single NIC and is running on the same server as Exchange Edge 2010.

    How should the email policies look? 

    The "internal" network has all IP ranges on it, so how then does it determine "internal" from external traffic?  Do I just need a single SMTP route, instead of the default 2? 

    UPDATE: Never mind. I had to adjust the listeners. Instead of "External smtp servers" matching to the "external" network, I needed both server rules to "listen" on my private network. TMG was smart enough to configure the remoteservers right within Exchange after this.



    Mike Crowley
    Check out My Blog!

    Monday, July 26, 2010 7:11 PM
  • With single NIC, there is no concept of an "external network" as the internal network covers all IP address ranges (apart from Localhost of course). Hence you use the Internal Network object to represent everything.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, July 28, 2010 10:10 AM
  • I got this working, thanks!  I do still have an issue with this however over here: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/64672038-8009-4736-8cb3-133fe065db2c

    Mike Crowley
    Check out My Blog!

    Wednesday, July 28, 2010 8:20 PM