Module 7: Configuring Access to Internal Resources
Overview
• Introduction to Publishing
• Configuring Web Publishing
• Configuring Server Publishing
• Adding an H.323 Gatekeeper
Introduction to Publishing
• Publishing Overview
• Publishing Servers on a Perimeter Network
• Guidelines for Using Publishing and Routing
• Publishing Rules Overview
Publishing Overview
[Diagram labels: Internet; External Adapter; 131.107.3.1; Internal Adapter; 192.168.9.1; Internal Network; Web Server www.nwtraders.msft]
Publishing Servers on a Back-to-Back Perimeter Network
[Diagram labels: Internet; ISA Server; LAT: Perimeter Network; Perimeter Network; Web Server; SQL Server; ISA Server; LAT: Internal Network; Internal Network]
Guidelines for Using Publishing and Routing
If your network | Then use
Does not have a perimeter network | Server publishing
Has a back-to-back perimeter network configuration | Server publishing on both ISA Server computers
Has a three-homed perimeter network configuration | Routing and packet filtering between the Internet and perimeter network; server publishing between the internal and perimeter networks
Publishing Rules Overview
• Web Publishing Rules
• Server Publishing Rules
• Publishing a server
• Publishing a mail server
• Rules Available for Each Mode
Configuring Web Publishing
• Publishing a Web Server
• Configuring Listeners for Incoming Web Requests
• Redirecting Requests to Other Ports
• Establishing Secure Communication
• Configuring SSL Bridging
• Requiring a Secure Channel
Publishing a Web Server
[Diagram labels: Internet; www.nwtraders.msft/africa; www.nwtraders.msft/europe; ISA Server; Internal Network; Africa: africa.internal.nwtraders.msft; Europe: europe.internal.nwtraders.msft]
Configuring Listeners for Incoming Web Requests
[Screenshot: LONDON Properties dialog, Incoming Web Requests tab; other tabs: General, Outgoing Web Requests, Auto Discovery, Performance, Security]
• Identification: "Use the same listener configuration for all internal IP addresses." or "Configure listeners individually per IP address"
• Listener list columns: Server, IP Address, Display N…, Authentic…, Server C… (listed entry: PHOENIX, <All internal, Integrated); buttons: Remove, Edit…, Add…
• TCP port: 80
• SSL port: 443
• Enable SSL listeners
• Connections: Connection settings (Configure…); Ask unauthenticated users for identification
[Screenshot: Add/Edit Listeners dialog]
• Server: LONDON
• IP Address: 131.107.3.1
• Display Name: PartnerWeb
• Use a server certificate to authenticate to web clients (Select…)
• Authentication: Basic with this domain (Select domain…); Digest with this domain (Select domain…); Integrated; Client certificate (secure channel only)
Redirecting Requests to Other Ports
[Screenshot: PartnerWeb Properties dialog, Action tab; other tabs: General, Destinations, Bridging, Applies To]
• Use this page to specify whether the request should be discarded or redirected, and configure the hosted site to which this rule redirects.
• Discard the request.
• Redirect the request to this internal Web server (name or IP address): London (Browse…)
• Send the original host header to the publishing server instead of the actual one (specified above).
• Connect to this port when bridging request as HTTP: 80
• Connect to this port when bridging request as SSL: 443
• Connect to this port when bridging request as FTP: 21
Slide callouts:
• Type the IP address or DNS name of the published server.
• Define ports this rule redirects to
Establishing Secure Communication
[Screenshot: Add/Edit Listeners dialog]
• Server: LONDON
• IP Address: 131.107.3.1
• Display Name: Partner Web
• Use a server certificate to authenticate to web clients (Select…)
• Authentication: Basic with this domain (Select domain…); Digest with this domain (Select domain…); Integrated; Client certificate (secure channel only)
[Screenshot: Select Certificate dialog] Select a certificate from the list of certificates available on the specified server:
Issued To | Issued By | Expiration Date | Friendly Name
vancouver.nam… | Northwind Tra… | 10/12/2002 | Partner Web…
vancouver.nam… | Northwind Tra… | 10/12/2002 | Public Web Site
Configuring SSL Bridging
[Screenshot: PartnerWeb Properties dialog, Bridging tab; other tabs: General, Destinations, Action, Applies To]
• Redirect HTTP requests as: HTTP requests; SSL requests (establish a secure channel to the site); FTP requests
• Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy); SSL requests (establish a secure channel to the site); FTP requests
• Require secure channel (SSL) for published site
• Require 128-bit encryption
• Use a certificate to authenticate to the SSL Web server (Select…)
Slide callouts:
• Select to redirect SSL requests as HTTP requests.
• Select to authenticate the ISA Server by using a certificate.
Requiring a Secure Channel
[Screenshot: PartnerWeb Properties dialog, Bridging tab; other tabs: General, Destinations, Action, Applies To]
• Redirect HTTP requests as: HTTP requests; SSL requests (establish a secure channel to the site); FTP requests
• Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy); SSL requests (establish a secure channel to the site); FTP requests
• Require secure channel (SSL) for published site
• Require 128-bit encryption
• Use a certificate to authenticate to the SSL Web server (Select…)
Slide callouts:
• Select to require a secure channel for Web requests.
• Select for a higher level of security.
Configuring Server Publishing
• Publishing a Server
• Publishing a Mail Server
• Configuring the Message Screener
Publishing a Server
[Flowchart: Start > Name the Rule > Specify Address Mapping > Select a Protocol Setting > Select a Client Type > Finish]
Publishing a Mail Server
[Screenshot: Mail Server Security Wizard, Mail Services Selection page] Select the mail services that you would like to publish to your external users
• Columns: Default Authentication; SSL Authentication
• Publish these mail services: Incoming SMTP (Apply content filtering); Outgoing SMTP; Incoming Microsoft Exchange/Outlook; Incoming POP3; Incoming IMAP4; Incoming NNTP
Slide callout:
• Select to apply content filtering to incoming SMTP traffic.
Configuring the Message Screener
• Running the Message Screener on the ISA Server Computer
• Running the Message Screener on a Separate Computer
Adding an H.323 Gatekeeper
• H.323 Overview
• How the H.323 Gatekeeper Works
• Adding and Configuring an H.323 Gatekeeper
H.323 Overview
The H.323 standard defines:
• How connections are established
• How two devices initiate communications with each other
• How data is transmitted over a network
• How audio and video codec components encode and decode input/output
[Diagram labels: Client; H.323 Gateway; Internet; Client]
How the H.323 Gatekeeper Works
[Diagram with steps numbered 1 to 5; surviving step captions: "NetMeeting queries DNS to find Gatekeeper", "Returns IP address to John's computer"]
[Diagram labels: DNS; SRV _Q931_tcp.contoso.msft 24.0.0.10; SRV _Q931_tcp.nwtraders.msft 136.0.0.1; Gatekeeper 24.0.0.10; Internet; john@nwtraders.msft 10.0.0.9; ISA H.323 Gateway 136.0.0.1; susan@contoso.msft 192.168.0.10; Origination Endpoint; Destination Endpoint]
Adding and Configuring an H.323 Gatekeeper
[Screenshot: ISA Management console, H323 Gatekeepers node, "Add gatekeeper…" command; gatekeeper list columns: Gatekeeper, Status, Description; listed entry: LONDON, Normal]
[Screenshot: Add Gatekeeper dialog] Select a computer running H.323 Gatekeeper that you want to add
• Gatekeeper computer: This computer; Another computer
Review
• Introduction to Publishing
• Configuring Web Publishing
• Configuring Server Publishing
• Adding an H.323 Gatekeeper