Module 7: Configuring Access to Internal Resources

Overview

Introduction to Publishing

Configuring Web Publishing

Configuring Server Publishing

Adding an H.323 Gatekeeper

Introduction to Publishing

Publishing Overview

Publishing Servers on a Perimeter Network

Guidelines for Using Publishing and Routing

Publishing Rules Overview

Publishing Overview
[Figure: publishing overview diagram. Labels: Internet, External Adapter, Internal Adapter, Internal Network, Web Server (www.nwtraders.msft). Addresses shown: 131.107.3.1 and 192.168.9.1.]

Publishing Servers on a Back-to-Back Perimeter Network
[Figure: back-to-back perimeter network diagram. Labels: Internet, two ISA Server computers, Perimeter Network, Web Server, SQL Server, Internal Network, LAT (shown twice).]

Guidelines for Using Publishing and Routing
If your network: Does not have a perimeter network
Then use: Server publishing

If your network: Has a back-to-back perimeter network configuration
Then use: Server publishing on both ISA Server computers

If your network: Has a three-homed perimeter network configuration
Then use: Routing and packet filtering between the Internet and perimeter network; server publishing between the internal and perimeter networks

Publishing Rules Overview

Web Publishing Rules

Server Publishing Rules

Publishing a server

Publishing a mail server

Rules Available for Each Mode

Configuring Web Publishing

Publishing a Web Server

Configuring Listeners for Incoming Web Requests

Redirecting Requests to Other Ports

Establishing Secure Communication

Configuring SSL Bridging

Requiring a Secure Channel

Publishing a Web Server
[Figure: Web publishing diagram. Requests from the Internet for www.nwtraders.msft/africa and www.nwtraders.msft/europe pass through ISA Server to the internal network servers Africa (africa.internal.nwtraders.msft) and Europe (europe.internal.nwtraders.msft).]

Configuring Listeners for Incoming Web Requests
[Screenshot: LONDON Properties dialog box. Tabs: General, Incoming Web Requests, Outgoing Web Requests, Auto Discovery, Performance, Security. Identification options: "Use the same listener configuration for all internal IP addresses" or "Configure listeners individually per IP address". Listener list columns: Server, IP Address, Display Name, Authentication; entry shown: PHOENIX, "<All internal", Integrated. TCP port: 80. SSL port: 443. Other settings: Enable SSL listeners; Connection settings (Configure…); Ask unauthenticated users for identification.]

[Screenshot: Add/Edit Listeners dialog box. Server: LONDON. IP Address: 131.107.3.1. Display Name: PartnerWeb. Option: Use a server certificate to authenticate to web clients (Select…). Authentication methods: Basic with this domain; Digest with this domain; Integrated; Client certificate (secure channel only).]

Redirecting Requests to Other Ports
[Screenshot: PartnerWeb Properties dialog box. Tabs: General, Destinations, Action, Bridging, Applies To. Page text: "Use this page to specify whether the request should be discarded or redirected, and configure the hosted site to which this rule redirects." Options: Discard the request; Redirect the request to this internal Web server (name or IP address), shown as London; Send the original host header to the publishing server instead of the actual one (specified above). Define ports this rule redirects to: connect to port 80 when bridging request as HTTP, port 443 when bridging request as SSL, port 21 when bridging request as FTP. Callout: Type the IP address or DNS name of the published server.]

Establishing Secure Communication
[Screenshot: Add/Edit Listeners dialog box. Server: LONDON. IP Address: 131.107.3.1. Display Name: Partner Web. Option: Use a server certificate to authenticate to web clients (Select…). Authentication methods: Basic with this domain; Digest with this domain; Integrated; Client certificate (secure channel only).]

[Screenshot: Select Certificate dialog box. Text: "Select a certificate from the list of certificates available on the specified server." Certificate list columns: Issued To, Issued By, Expiration Date, Friendly Name. Two entries are shown, each issued to vancouver.nam…, issued by Northwind Tra…, with expiration date 10/12/2002; friendly names: Partner Web… and Public Web Site.]

Configuring SSL Bridging
[Screenshot: PartnerWeb Properties dialog box, Bridging tab. Redirect HTTP requests as: HTTP requests; SSL requests (establish a secure channel to the site); FTP requests. Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy); SSL requests (establish a secure channel to the site); FTP requests. Check boxes: Require secure channel (SSL) for published site; Require 128-bit encryption; Use a certificate to authenticate to the SSL Web server (Select…). Callouts: Select to redirect SSL requests as HTTP requests. Select to authenticate the ISA Server by using a certificate.]

Requiring a Secure Channel
[Screenshot: PartnerWeb Properties dialog box, Bridging tab. Redirect HTTP requests as: HTTP requests; SSL requests (establish a secure channel to the site); FTP requests. Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy); SSL requests (establish a secure channel to the site); FTP requests. Check boxes: Require secure channel (SSL) for published site; Require 128-bit encryption; Use a certificate to authenticate to the SSL Web server (Select…). Callouts: Select to require a secure channel for Web requests. Select for a higher level of security.]

Configuring Server Publishing

Publishing a Server

Publishing a Mail Server

Configuring the Message Screener

Publishing a Server
[Figure: flowchart of the steps, in order: Start; Name the Rule; Specify Address Mapping; Select a Protocol Setting; Select a Client Type; Finish.]

Publishing a Mail Server
[Screenshot: Mail Server Security Wizard, Mail Services Selection page. Text: "Select the mail services that you would like to publish to your external users." Publish these mail services (columns: Default Authentication, SSL Authentication): Incoming SMTP (with the option Apply content filtering); Outgoing SMTP; Incoming Microsoft Exchange/Outlook; Incoming POP3; Incoming IMAP4; Incoming NNTP. Callout: Select to apply content filtering to incoming SMTP traffic.]

Configuring the Message Screener

Running the Message Screener on the ISA Server Computer

Running the Message Screener on a Separate Computer

Adding an H.323 Gatekeeper

H.323 Overview

How the H.323 Gatekeeper Works

Adding and Configuring an H.323 Gatekeeper

H.323 Overview
[Figure: H.323 overview diagram. Labels: Internet, H.323 Gateway, Client, Client.]

The H.323 standard defines:

How connections are established

How two devices initiate communications with each other

How data is transmitted over a network

How audio and video codec components encode and decode input/output

How the H.323 Gatekeeper Works
[Figure: H.323 Gatekeeper call flow with numbered steps 1 through 5. Labels: Origination Endpoint; Destination Endpoint; endpoints [email protected] (10.0.0.9) and [email protected] (192.168.0.10); Gatekeeper (24.0.0.10); ISA H.323 Gateway (136.0.0.1); Internet; DNS with SRV records _Q931_tcp.contoso.msft (24.0.0.10) and _Q931_tcp.nwtraders.msft (136.0.0.1).]

Adding and Configuring an H.323 Gatekeeper
[Screenshot: ISA Management console. Menus: Action, View, Help; the Action menu shows Add gatekeeper… Console tree nodes: Monitoring, Server, Access Policy, Publishing, Bandwidth Rules, Policy Elements, Cache Configuration, Monitoring Configuration, Extensions, Application Filters, Web Filters, Network Configuration, Client Configuration, H323 Gatekeepers. Details pane columns: Gatekeeper, Status, Description; LONDON is shown with status Normal.]

[Screenshot: Add Gatekeeper dialog box. Text: "Select a computer running H.323 Gatekeeper that you want to add." Gatekeeper computer options: This computer; Another computer.]

Lab A: Configuring Access to Internal Resources

Review

Introduction to Publishing

Configuring Web Publishing

Configuring Server Publishing

Adding an H.323 Gatekeeper