ISA 2006 Installation and Configuration Document Ver 1.0

transcript

ISA 2006

Installation and Configuration Document

Prepared for

Friday, 19 Oct 2007

Version 1.0

Prepared by

Vinod Dadhe

vinodvd@microland.net

Contributors

aslamus@microland.com

Microland & Hirco Confidential

Document: ISA 2006 Installation and Configuration Document

Revision

Change Record

Date Author Version Change reference

24th Oct 2007 Vinod Dadhe 1.0 Initial Draft Document

Reviewers

Name Version approved Position Date

1.0 Project Manager / Lead

Table of Contents

1 Executive Summary ............................................................................................................................. 4

2 Installation of Forward Proxy ISA 2006. ............................................................................................ 5

2.1 Set the rule to allow Internet Access on Forward Proxy ISA 2006. ................................................ 9

3 Installation of Reverse Proxy ISA 2006. .......................................................................................... 13

3.1 Publish Exchange 2007 with ISA Server 2006 ............................................................................. 22

3.2 Publish Secured Outlook Web Access (OWA) ............................................................................. 22

3.3 Publish Outlook Anywhere (RPC over http) ................................................................................. 33

1 EXECUTIVE SUMMARY

This document describes about the MS ISA 2006 server deployment at HIRCO. In this

document, we have detailed the procedures followed for installing and configuring MS ISA

2006 server at HIRCO.

This document outlines the following sections:

• Installation of Forward Proxy ISA 2006.

• Set the rule to allow Internet Access on Forward Proxy ISA 2006.

• Installation of Reverse Proxy ISA 2006.

• Publishing of OWA and RPC over https.

2 INSTALLATION OF FORWARD PROXY ISA 2006.

Perform the following steps to install ISA Server 2006 Enterprise Edition:

1. Insert the ISA 2006 Enterprise version CD in the CD-ROM drive & Double click on

isaautorun.exe. Click Run on following window.

2. Click on Yes to proceed.

3. In the Microsoft ISA Server 2006 Enterprise installation dialog box, click the Install ISA

Server 2006 link.

4. Click next on the Welcome to the Installation Wizard for Microsoft ISA Server 2006

5. On the License Agreement page, select the I accept the terms in the license agreement

option and click Next.

6. On the Customer Information page, enter your User Name, Organization and Product

Serial Number and click Next.

7. On the Setup Scenarios page, select the Install both ISA Server services and

Configuration Storage server option. Click Next to Proceed.

8. On the Component Selection page, accept the default settings. Click Next to Proceed.

9. On the Enterprise Installation Options page, select the Create a new ISA Server

enterprise option. Click Next to proceed.

10. Click Next on the New Enterprise Warning page.

11. On the Internal Network page, click the Add button.

12. In the Addresses dialog box, click the Add Adapter button. In the Select Network

Adapters dialog box, put a checkmark in the checkbox next to the internal interface

installed on the computer. Click Ok.

13. In the Addresses dialog box, click OK. Generally ISA firewall setup with multiple

interfaces, these addresses would define the default Internal ISA firewall Network.

14. Click Next on the Internal Network page.

15. Click Next to Proceed.

16. Click Next to proceed.

17. Click Install to finish the installation.

18. Click on Finish to complete the setup.

2.1 Set the rule to allow Internet Access on Forward Proxy ISA

Start the Microsoft Internet Security and Acceleration Server 2006 Console. Expand Arrays &

Select Firewall Policy, right click & point to New & select Access Rule as shown below

Type the Name of the Rule & Click Next.

Select Allow & Click next.

Click Add & add HTTP & HTTPS protocols as shown below. Click Next

Click Add & select Internal Network. Click Next.

Click Add & add External Network. Click Next.

Click Add & select All users/All Authenticated users & click Next.

Review the Summary & Click Finish.

3 INSTALLATION OF REVERSE PROXY ISA 2006.

Perform the following steps to install ISA Server 2006 Enterprise Edition:

1. Insert the ISA 2006 Enterprise version CD in the CD-ROM drive & Double click on

isaautorun.exe. Click Run on following window.

2. Click on Yes to proceed.

3. In the Microsoft ISA Server 2006 Enterprise installation dialog box, click the Install ISA

Server 2006 link.

4. Click next on the Welcome to the Installation Wizard for Microsoft ISA Server 2006

5. On the License Agreement page, select the I accept the terms in the license agreement

option and click Next.

6. On the Customer Information page, enter your User Name, Organization and Product

Serial Number and click Next.

7. On the Setup Scenarios page, select the Install both ISA Server services and

Configuration Storage server option. Click Next to Proceed.

8. On the Component Selection page, accept the default settings. Click Next to Proceed.

9. On the Enterprise Installation Options page, select the Create a new ISA Server

enterprise option. Click Next to proceed.

10. Click Next on the New Enterprise Warning page.

11. On the Internal Network page, click the Add button.

12. In the Addresses dialog box, click the Add Adapter button. In the Select Network

Adapters dialog box, put a checkmark in the checkbox next to the internal interface

installed on the computer. Click Ok.

13. In the Addresses dialog box, click OK. Generally ISA firewall setup with multiple

interfaces, these addresses would define the default Internal ISA firewall Network.

14. Click Next on the Internal Network page.

15. Click Next to Proceed.

16. Click Next to proceed.

17. Click Install to finish the installation.

18. Click on Finish to complete the setup.

3.1 Publish Exchange 2007 with ISA Server 2006

ISA Server 2006 is RTM since 31st July 2006 and has many new and improved features for

webserver and Server Publishing rules. One of the enhancements is the Exchange Webclient

Access Publishing rule. With ISA Server 2006 it is possible to publish version specific

Exchange Servers (including Exchange Server 2007). There are several other enhancements

like the option to change user passwords during Outlook Web Access logon. Administrators can

now customize the HTML forms for the forms based authentication and ISA supports some new

authentication types like RADIUS-OTP and LDAP. It is also possible to do some delegation of

authorization.

3.2 Publish Secured Outlook Web Access (OWA)

To Configure ISA Server 2006 for Outlook Web Access involves the following steps:

1. Start the ISA Admin Console & create the Exchange web client publishing rule as shown in

following figure.

2. Following Wizard will start. Type the Rule name as shown below & click Next to proceed.

3. Select Exchange Server 2007 & Outlook Web Access as shown below.

4. Select Publish a Single Web site or load balancer & click Next to continue.

5. Select the option as shown below & click next to proceed.

6. Type the Internal site name as extranet.hircodomain.com & type the IP address of CAS

servers as shown below & click next to continue.

7. Select the option specified below & type the extranet.hirco.com as public name

8. Now configure the web listener. Click New in the following dialog box.

9. In the following new web listener wizard, type the listener name & click next to continue

10. Select Require SSL secured connections with client option & click next to continue

11. Select the external interface as shown below & click next.

12. Select the option as specified below & click Select Certificate.

13. Select the available certificate as shown below & click select.

14. Then click next to following window to continue

15. Select the HTML Form Authentication as shown below & click next to proceed

16. Click Next to proceed

17. Click Finish to complete the Listener wizard.

18. Now continue to new exchange publishing rule wizard & select the Listener just created as

shown below & then click next to proceed.

19. Select the Basic Authentication & click next to proceed.

20. Select All Authenticated Users & click on Remove. Then Click on Add

21. Select All Users & click on Add

22. Click on Next to proceed.

23. Click OK to following warning message.

24. Click Finish to complete the wizard.

3.3 Publish Outlook Anywhere (RPC over http)

To Configure ISA Server 2006 for Outlook Anywhere involves the following steps:

1. Right Click Firewall Policy, click to new & select Exchange Web Client Access Publishing Rule

2. On the welcome page, type the Name of the rule & click next to proceed.

3. Select Exchange Server 2007 & Outlook Anywhere (RPC/HTTPS) option as shown below & click

4. Select Publish a single web site or load balancer & click next to proceed.

5. Select the Use SSL to connect … option as shown below & click next to proceed.

6. Type the internal site name & IP address of CAS Server as shown below, click Next.

7. Select the Options as specified below & type the public name & click next to proceed.

8. Select the same listener which was created earlier for OWA & click next to proceed.

9. Select the Basic authentication & click next to continue

10. Select All Authenticated Users & click on Remove. Then Click on Add

11. Select All Users & click on Add

12. Click on Next to proceed.

13. Click OK to following warning message.

14. Click Finish to complete the wizard.

ISA 2006 Installation and Configuration Document Ver 1.0

Documents