
Module 7: Configuring Access to Internal Resources



Presentation Transcript


  1. Module 7: Configuring Access to Internal Resources

  2. Overview • Introduction to Publishing • Configuring Web Publishing • Configuring Server Publishing • Adding an H.323 Gatekeeper

  3. Introduction to Publishing • Publishing Overview • Publishing Servers on a Perimeter Network • Guidelines for Using Publishing and Routing • Publishing Rules Overview

  4. Publishing Overview (diagram labels: Internet; External Adapter 131.107.3.1; Internal Adapter 192.168.9.1; Internal Network; Web Server www.nwtraders.msft)

  5. Publishing Servers on a Back-to-Back Perimeter Network (diagram labels: Internet; ISA Server; LAT: Perimeter Network; Perimeter Network; Web Server; ISA Server; LAT: Internal Network; Internal Network; SQL Server)

  6. Guidelines for Using Publishing and Routing • If your network does not have a perimeter network, then use: server publishing • If your network has a back-to-back perimeter network configuration, then use: server publishing on both ISA Server computers • If your network has a three-homed perimeter network configuration, then use: routing and packet filtering between the Internet and perimeter network; server publishing between the internal and perimeter networks

  7. Publishing Rules Overview • Web Publishing Rules • Server Publishing Rules • Publishing a server • Publishing a mail server • Rules Available for Each Mode

  8. Configuring Web Publishing • Publishing a Web Server • Configuring Listeners for Incoming Web Requests • Redirecting Requests to Other Ports • Establishing Secure Communication • Configuring SSL Bridging • Requiring a Secure Channel

  9. Publishing a Web Server (diagram labels: Internet; ISA Server; Internal Network; Africa: www.nwtraders.msft/africa, africa.internal.nwtraders.msft; Europe: www.nwtraders.msft/europe, europe.internal.nwtraders.msft)

  10. Configuring Listeners for Incoming Web Requests • LONDON Properties dialog (tabs: General, Outgoing Web Requests, Incoming Web Requests, Auto Discovery, Performance, Security) • Identification: Use the same listener configuration for all internal IP addresses, or Configure listeners individually per IP address • Listener list (columns: Server, IP Address, Display N…, Authentic…, Server C…): PHOENIX, <All internal, Integrated; buttons: Remove, Edit…, Add… • TCP port: 80 • SSL port: 443 • Enable SSL listeners • Connections: Connection settings: Configure… • Ask unauthenticated users for identification • OK, Cancel, Apply • Add/Edit Listeners dialog: Server: LONDON; IP Address: 131.107.3.1; Display Name: PartnerWeb; Use a server certificate to authenticate to web clients (Select…); Authentication: Basic with this domain (Select domain…), Digest with this domain (Select domain…), Integrated, Client certificate (secure channel only); OK, Cancel

  11. Redirecting Requests to Other Ports • PartnerWeb Properties dialog (tabs: General, Destinations, Action, Bridging, Applies To) • Use this page to specify whether the request should be discarded or redirected, and configure the hosted site to which this rule redirects. • Discard the request. • Redirect the request to this internal Web server (name or IP address): London (Browse…) • Callout: Type the IP address or DNS name of the published server. • Send the original host header to the publishing server instead of the actual one (specified above). • Define ports this rule redirects to: Connect to this port when bridging request as HTTP: 80; Connect to this port when bridging request as SSL: 443; Connect to this port when bridging request as FTP: 21 • OK, Cancel, Apply

  12. Establishing Secure Communication • Add/Edit Listeners dialog: Server: LONDON; IP Address: 131.107.3.1; Display Name: Partner Web; Use a server certificate to authenticate to web clients (Select…); Authentication: Basic with this domain (Select domain…), Digest with this domain (Select domain…), Integrated, Client certificate (secure channel only); OK, Cancel • Select Certificate dialog: Select a certificate from the list of certificates available on the specified server. Certificates (columns: Issued To, Issued By, Expiration Date, Friendly Name): vancouver.nam…, Northwind Tra…, 10/12/2002, Partner Web…; vancouver.nam…, Northwind Tra…, 10/12/2002, Public Web Site; OK, Cancel

  13. Configuring SSL Bridging • PartnerWeb Properties dialog (tabs: General, Destinations, Action, Bridging, Applies To) • Redirect HTTP requests as: HTTP requests; SSL requests (establish a secure channel to the site); FTP requests • Callout: Select to redirect SSL requests as HTTP requests. • Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy); SSL requests (establish a secure channel to the site); FTP requests • Require secure channel (SSL) for published site • Require 128-bit encryption • Callout: Select to authenticate the ISA Server by using a certificate. • Use a certificate to authenticate to the SSL Web server (Select…) • OK, Cancel, Apply

  14. Requiring a Secure Channel • PartnerWeb Properties dialog (tabs: General, Destinations, Action, Bridging, Applies To) • Redirect HTTP requests as: HTTP requests; SSL requests (establish a secure channel to the site); FTP requests • Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy); SSL requests (establish a secure channel to the site); FTP requests • Callout: Select to require a secure channel for Web requests. • Require secure channel (SSL) for published site • Callout: Select for a higher level of security. • Require 128-bit encryption • Use a certificate to authenticate to the SSL Web server (Select…) • OK, Cancel, Cancel

  15. Configuring Server Publishing • Publishing a Server • Publishing a Mail Server • Configuring the Message Screener

  16. Publishing a Server: Start → Name the Rule → Specify Address Mapping → Select a Protocol Setting → Select a Client Type → Finish

  17. Publishing a Mail Server • Mail Server Security Wizard, Mail Services Selection: Select the mail services that you would like to publish to your external users • Columns: SSL Authentication, Default Authentication • Publish these mail services: Incoming SMTP (Apply content filtering); Outgoing SMTP; Incoming Microsoft Exchange/Outlook; Incoming POP3; Incoming IMAP4; Incoming NNTP • < Back, Next >, Cancel • Callout: Select to apply content filtering to incoming SMTP traffic.

  18. Configuring the Message Screener • Running the Message Screener on the ISA Server Computer • Running the Message Screener on a Separate Computer

  19. Adding an H.323 Gatekeeper • H.323 Overview • How the H.323 Gatekeeper Works • Adding and Configuring an H.323 Gatekeeper

  20. H.323 Overview The H.323 standard defines: • How connections are established • How two devices initiate communications with each other • How data is transmitted over a network • How audio and video codec components encode and decode input/output (diagram labels: Internet; H.323 Gateway; Client; Client)

  21. How the H.323 Gatekeeper Works (diagram with numbered steps 1 to 5) • Callouts: NetMeeting queries DNS to find Gatekeeper; Returns IP address to John’s computer • Diagram labels: SRV _Q931_tcp.contoso.msft 24.0.0.10; DNS; SRV _Q931_tcp.nwtraders.msft 136.0.0.1; Gatekeeper 24.0.0.10; Internet; john@nwtraders.msft 10.0.0.9; ISA H.323 Gateway 136.0.0.1; susan@contoso.msft 192.168.0.10; Origination Endpoint; Destination Endpoint

  22. Adding and Configuring an H.323 Gatekeeper • ISA Management console (screenshot text): Action, View, Add gatekeeper… • Columns: Gatekeeper, Status, Description; entry: LONDON, Normal • Console tree (as captured): celeration Server Monitoring Server Access Policy Publishing Bandwidth Rules Policy Elements Cache Configuration Monitoring Configuration Extensions Application Filters Web Filters Network Configuration Client Configuration H323 Gatekeepers • Help • Add Gatekeeper dialog: Select a computer running H.323 Gatekeeper that you want to add; Gatekeeper computer: This computer, or Another computer; OK, Cancel

  23. Lab A: Configuring Access to Internal Resources

  24. Review • Introduction to Publishing • Configuring Web Publishing • Configuring Server Publishing • Adding an H.323 Gatekeeper
