Have installed Hardware Firewall and removed ISA 2004 - Activesync? > Small Business Server Support Forum

ForumsSurveysChat

Support

Forum

Download

About

Registered users

	Membership:
	Latest:jenisa villarin
	New Today:13
	New Yesterday:9
	Overall:23322

Private messaging

You must be logged in to use this module.

Top 10 posters

Name	Posts
Mariette Knap	12890
Marina Roos	12507
Eriq Neale	2114
Stan Guinn	1913
Michael Patrick	1912
Robert Pearman	1770
Nick Pieters	1425
Stewart Brown	616
william warren	598
Kevin D.	579

Articles

»	Antivirus
»	Backup and restore
»	BlackBerry
»	Branch offices
»	Configuring routers
»	CRM
»	Exchange Server 2000
»	Exchange Server 2003
»	Exchange Server 2007
»	ISA Server 2000
»	ISA Server 2004
»	Macintosh integration
»	Network configuration
»	Planning and installing your SBS server
»	Press releases
»	Project server
»	Public articles
»	Remote Access
»	SBS 2000
»	SBS 2003
»	SBS 2003 R2
»	SBS 2008
»	Securing your SBS 2003 network
»	Server issues
»	Service Packs
»	Sharepoint
»	SQL 2000
»	SQL 2005
»	SQL 2008
»	Subscriber articles
»	Terminal Servers
»	Third party solutions
»	Workstations

View all articles

Welcome unauthorized visitor

If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.

Small Business Server Support Forum

Unanswered Active Topics

Forums Search

Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004

Subject: Have installed Hardware Firewall and removed ISA 2004 - Activesync?

Prev Next

You are not authorized to post a reply.

Author

Messages

Miles Gaynor User is Offline

United Kingdom
Member since
9/9/2008

Registered Users
Posts: 12

9/09/2008 01:19 PM
Folks, in preparation for SBS2008 (and due to some heavy VPN requirements) I have installed a Cisco ASA 5510. This is great and works just fine. During the installation I removed ISA 2004 and the MS proxy clients from user's machines. DHCP now sets the default gateway to 10.0.0.1 (the internal interface of the 5510) and all is peachy. BUT, what should I do about activesync? I have a small public IP range, and I could set up DNS on one of them for OMA/OWA and port forward SSL from that IP to the sbsserver, but how secure would this be? My concern is that without ISA on the sbsserver it would be pretty much naked. Can I use the SSL certificates to prevent unknown devices from connecting to my sbsserver? alternatively: I already have a mail DMZ in which I am running a spam filter/mail proxy. I am considering re-enabling the second network card on my sbsserver and reinstalling ISA with the external interface living in the mail DMZ. This would mean that the sbsserver box isn't quite as naked since it is running ISA server and can inspect whatever ssl connections it receives. I have to admit that I am fuzzy on the capabilities of ISA in this area, but since we were OK with ISA before, surely we would be fine with it again? Could someone advise me on what would be the preferable route? Of course, I've lost the original installation media and SP-1 and MS have sent me a replacement set with ISA2000 on it so that is an added complication :/ Thanks Miles

Miles Gaynor User is Offline

United Kingdom
Member since
9/9/2008

Registered Users
Posts: 12

9/17/2008 01:39 PM
An update. I have been playing around and have set a static NAT rule to the sbsserver from a public IP address and restricted traffic to https only. I now get told that my IP address is not allowed to connect to the server by IIS. This is fair enough, the default website is set to deny connections from anything but 127.0.0.1 and 10.0.0.2/24. The quick fix appears to be to allow connections from anywhere to the default web site - but this looks to be risky. Could someone confirm or deny? Thanks Miles

Marina Roos User is Offline

The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507

9/17/2008 06:57 PM

Hi Miles,

Did you run CEICW?

Please, post an ipconfig /all from the server and a workstation. Open a command prompt by opening Start -> Run from the Start Menu and type cmd. From the command prompt type ipconfig /all >ip.txt. Attach this file to your answer.

Marina Roos Smallbizserver.Net Administrator

Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'

You are not authorized to post a reply.

Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004 > Have installed Hardware Firewall and removed ISA 2004 - Activesync?

ActiveForums 3.7

Forum policy

These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:

No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
No Flaming or Trolling.
No Profanity, Racism, or Prejudice.
Site Moderators have the final word on approving/removing a thread or post or comment.