Published by Dwight Morel. Modified over 9 years ago.
1
Module 7: Configuring Access to Internal Resources
2
Overview: Introduction to Publishing; Configuring Web Publishing; Configuring Server Publishing; Adding an H.323 Gatekeeper
3
Introduction to Publishing: Publishing Overview; Publishing Servers on a Perimeter Network; Guidelines for Using Publishing and Routing; Publishing Rules Overview
4
Publishing Overview [diagram labels: Internet; 192.168.9.1; 131.107.3.1; www.nwtraders.msft; External Adapter; Internal Adapter; Web Server; Internal Network]
5
Publishing Servers on a Back-to-Back Perimeter Network [diagram labels: LAT Internal Network; LAT Perimeter Network; Web Server; SQL Server; Internal Network; Perimeter Network; ISA Server; Internet]
6
Guidelines for Using Publishing and Routing
If your network does not have a perimeter network, then use: Server publishing.
If your network has a back-to-back perimeter network configuration, then use: Server publishing on both ISA Server computers.
If your network has a three-homed perimeter network configuration, then use: Routing and packet filtering between the Internet and perimeter network; server publishing between the internal and perimeter networks.
7
Publishing Rules Overview: Web Publishing Rules; Server Publishing Rules; Publishing a server; Publishing a mail server; Rules Available for Each Mode
8
Configuring Web Publishing: Publishing a Web Server; Configuring Listeners for Incoming Web Requests; Redirecting Requests to Other Ports; Establishing Secure Communication; Configuring SSL Bridging; Requiring a Secure Channel
9
Publishing a Web Server [diagram: Internet; ISA Server; Internal Network; published paths www.nwtraders.msft/africa and www.nwtraders.msft/europe; internal servers africa.internal.nwtraders.msft (Africa) and europe.internal.nwtraders.msft (Europe)]
10
Configuring Listeners for Incoming Web Requests
[Screenshot: LONDON Properties dialog. Tabs: General; Outgoing Web Requests; Incoming Web Requests; Auto Discovery; Performance; Security.]
Identification: Use the same listener configuration for all internal IP addresses, or Configure listeners individually per IP address.
Listener list columns: Server; IP Address; Display N…; Authentic…; Server C…. Entry shown: PHOENIX; <All internal; Integrated. Buttons: Add…; Remove; Edit…
Enable SSL listeners. TCP port: 80. SSL port: 443.
Connections: Configure… Connection settings: Ask unauthenticated users for identification.
[Screenshot: Add/Edit Listeners dialog.] Server: LONDON. IP Address: 131.107.3.1. Display Name: PartnerWeb. Use a server certificate to authenticate to web clients (Select…). Authentication: Basic with this domain (Select domain…); Digest with this domain (Select domain…); Integrated; Client certificate (secure channel only).
11
Redirecting Requests to Other Ports
[Screenshot: PartnerWeb Properties dialog. Tabs: General; Destinations; Action; Bridging; Applies To.]
Use this page to specify whether the request should be discarded or redirected, and configure the hosted site to which this rule redirects.
Options: Discard the request; Redirect the request to this internal Web server (name or IP address): London (Browse…).
Send the original host header to the publishing server instead of the actual one (specified above).
Connect to this port when bridging request as HTTP: 80. Connect to this port when bridging request as SSL: 443. Connect to this port when bridging request as FTP: 21.
Callouts: Type the IP address or DNS name of the published server. Define ports this rule redirects to.
12
Establishing Secure Communication
[Screenshot: Select Certificate dialog.] Select a certificate from the list of certificates available on the specified server.
Certificates (columns: Issued To; Issued By; Expiration Date; Friendly Name):
vancouver.nam…; Northwind Tra…; 10/12/2002; Partner Web…
vancouver.nam…; Northwind Tra…; 10/12/2002; Public Web Site
[Screenshot: Add/Edit Listeners dialog.] Server: LONDON. IP Address: 131.107.3.1. Display Name: Partner Web. Use a server certificate to authenticate to web clients (Select…). Authentication: Basic with this domain (Select domain…); Digest with this domain (Select domain…); Integrated; Client certificate (secure channel only).
13
Configuring SSL Bridging
[Screenshot: PartnerWeb Properties dialog, Bridging tab. Tabs: General; Destinations; Action; Bridging; Applies To.]
Redirect HTTP requests as: HTTP requests; SSL requests (establish a secure channel to the site); FTP requests.
Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy); SSL requests (establish a secure channel to the site); FTP requests.
Require secure channel (SSL) for published site. Require 128-bit encryption.
Use a certificate to authenticate to the SSL Web server (Select…).
Callouts: Select to authenticate the ISA Server by using a certificate. Select to redirect SSL requests as HTTP requests.
14
Requiring a Secure Channel
[Screenshot: PartnerWeb Properties dialog, Bridging tab. Tabs: General; Destinations; Action; Bridging; Applies To.]
Redirect HTTP requests as: HTTP requests; SSL requests (establish a secure channel to the site); FTP requests.
Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy); SSL requests (establish a secure channel to the site); FTP requests.
Require secure channel (SSL) for published site. Require 128-bit encryption.
Use a certificate to authenticate to the SSL Web server (Select…).
Callouts: Select for a higher level of security. Select to require a secure channel for Web requests.
15
Configuring Server Publishing: Publishing a Server; Publishing a Mail Server; Configuring the Message Screener
16
Publishing a Server [flow diagram, Start to Finish]: Name the Rule; Specify Address Mapping; Select a Protocol Setting; Select a Client Type
17
Publishing a Mail Server
[Screenshot: Mail Server Security Wizard, Mail Services Selection page.] Select the mail services that you would like to publish to your external users.
Publish these mail services (columns: Default Authentication; SSL Authentication): Incoming SMTP (Apply content filtering); Outgoing SMTP; Incoming Microsoft Exchange/Outlook; Incoming POP3; Incoming IMAP4; Incoming NNTP.
Callout: Select to apply content filtering to incoming SMTP traffic.
18
Configuring the Message Screener: Running the Message Screener on the ISA Server Computer; Running the Message Screener on a Separate Computer
19
Adding an H.323 Gatekeeper: H.323 Overview; How the H.323 Gatekeeper Works; Adding and Configuring an H.323 Gatekeeper
20
H.323 Overview [diagram labels: Internet; H.323 Gateway; Client]
The H.323 standard defines:
How connections are established
How two devices initiate communications with each other
How data is transmitted over a network
How audio and video codec components encode and decode input/output
21
How the H.323 Gatekeeper Works
[Diagram labels: DNS; Origination Endpoint; Destination Endpoint; Internet.]
DNS records shown: SRV _Q931_tcp.contoso.msft 24.0.0.10; SRV _Q931_tcp.nwtraders.msft 136.0.0.1
Hosts shown: john@nwtraders.msft 10.0.0.9; ISA H.323 Gateway 136.0.0.1; Gatekeeper 24.0.0.10; susan@contoso.msft 192.168.0.10
The diagram numbers its steps 1 to 5. Captions that survive: "NetMeeting queries DNS to find Gatekeeper"; "Returns IP address to John’s computer".
22
Adding and Configuring an H.323 Gatekeeper
[Screenshot: ISA Management console. Menus: Action; View. Tree: celeration Server; Monitoring; Server; Access Policy; Publishing; Bandwidth Rules; Policy Elements; Cache Configuration; Monitoring Configuration; Extensions; Application Filters; Web Filters; Network Configuration; Client Configuration; H323 Gatekeepers. Columns: Gatekeeper; Status; Description. Entry: LONDON; Normal. Context menu: Add gatekeeper…; View; Help.]
[Screenshot: Add Gatekeeper dialog.] Select a computer running H.323 Gatekeeper that you want to add. Gatekeeper computer: This computer; Another computer.
23
Lab A: Configuring Access to Internal Resources
24
Review: Introduction to Publishing; Configuring Web Publishing; Configuring Server Publishing; Adding an H.323 Gatekeeper