ISA Server 2004 Configuration Guide 205
Introduction
One of the main reasons to deploy a ISA Server 2004 firewall is to protect Microsoft
Exchange Servers. ISA Server 2004 includes a number of technologies focused on providing
enhanced support to protect Microsoft Exchange Services published to the Internet. This
increased level of protection for remote access to Microsoft Exchange Server services puts
the ISA Server 2004 firewall in a unique position to be the firewall for Microsoft Exchange
Server.
Providing secure remote access to Microsoft Exchange Server services is a complex process.
Fortunately, ISA Server 2004 includes a number of wizards that walk the firewall administrator
through the process of providing secure remote to Microsoft Exchange, simplifying the
procedure.. .
In this ISA Server 2004 Configuration Guide document, we discuss methods you can use to
provide secure remote access to the Exchange Outlook Web Access (OWA) site, the
Exchange SMTP service and the Exchange POP3 service. We will assume that you have
issued a Web site certificate to the OWA site, exported the certificate to a file (including the
private key), and imported the Web site certificate to the ISA Server 2004 firewall’s machine
certificate store. In addition, we will assume that the external client that connects to the OWA
Web site through the ISA Server 2004 firewall has the CA certificate of the CA that issued the
OWA site’s Web site certificate imported into its Trusted Root Certification Authorities
certificate store.
• Note:
Certificate issuance and deployment is beyond the scope of this ISA Server 2004
Configuration Guide document. For detailed information on deploying Web site and root
CA certificates, please refer to the ISA Server 2004 Exchange Deployment Kit.
The following walkthrough discusses basic methods used to provide remote access to the
OWA, SMTP and POP3 services on the Internal network Exchange Server. . In a production
environment, remote access to the SMTP service would be secured using SSL and requiring
use authentication. Similarly, remote access to the POP3 service would also require a secure
SSL connection. We limit our discussion to non-SSL connections in the following walkthrough,
for demonstration purposes only.
In addition, a number of procedures have been effected on the Exchange Server to optimize it
for secure remote access OWA connections. The first chapter of this ISA Server 2004
Configuration Guide outlines these procedures. Also, the Exchange POP3 service is
disabled by default and must be manually enabled.
You will need to perform the following procedures to configure the ISA Server 2004 firewall to
allow remote access connections to the Exchange Server service:
• Restore the system to its post-installation state
• Create the OWA Web Publishing Rule
• Create the SMTP Server Publishing Rule
• Create the POP3 Server Publishing Rule
• Test the connection
