ISA Server 2006 SSL VPN / OWA Scenario



    Hi all,
    I have a rather interesting scenario that I’m hoping one of you here can help me to iron out. Given that I am not able to acquire a static ip from my isp I’ve had to put in front of my isa box a nat device (linksys) and forward all traffic to isa via port forwarding rules…..where as I mention begins to get interesting.
    I’ve published owa, without incident and would like to publish an ssl vpn server as outlined in Tom’s tutorial. The problem is while I can send traffic bound to and for port 443 to the two separate address that I have bound to the external nic of the isa server and publish the rules accordingly, I have no way via the linksys to say that traffic destined for owa needs to go to .2 and traffic bound for sstp needs to go to .3 , so in short the linksys is getting in the way.
    Now before any of you ask why I am putting a nat device in front of isa, let me say this….several documents on this site make reference to all nics being pointed to an internal dns server and that dns server routing the name service to the external world via dns rules. If I have a dynamic ip assigned to my external nic them (from what I understand…and correct me if I’m wrong) I can’t point to my internal dns and maintain my dynamic setting.
    My thoughts are this….and this is where I’m asking for some assistance. From what I understand 1443 can be used as a non-standard ssl port. With that I wonder if one or some of you can shed some light on this for me……if I assign this to the owa rule, will I need to enter the port number in the url? If so I’m not really interested in that………
    Or can I assign 1443 to the vpn publishing rule (on the external end…..and route to 443 on the internal) and somehow setup the vpn client to use 1443…..I suppose there is one more option where the tutorial that speaks of using basic and forms based authentication on a single listener with a single ip could be used to resolve this issue…..but I don’t know.
    Thank you in advance
    Wednesday, April 30, 2008 5:31 PM



    I'm sorry to have to inform you this is most likely not the most suitable place to ask your question. This forum is dedicated to Server Core installation of Windows Server 2008. These installation are specialized high-performance low-maintenance installations of Windows Server 2008 without most of the Graphical User Interface stuff found in normal (Full) installations of Windows Server. Most of the people here will not have Windows Server 2003 running and will not likely be able to answer your question.


    Server Core installations of Windows Server 2008 are unable to provide Routing and Remote Access services. Running ISA Server on Windows Server 2008 is not supported.


    More likely places to get answers to your question include:

    (but are not limited to)

    Wednesday, April 30, 2008 8:16 PM