1. | Open the ISA Management Console and navigate to the Firewall Policy node in the console pane.
|
2. | On the Tasks tab of the tasks pane, click the Publish Exchange Web Client Access link.
|
3. | Enter a descriptive name in the welcome dialog box, such as ActiveSync Rule, and click Next.
|
4. | In the Select Services dialog box, shown in Figure 1,
change the Exchange Server version to Exchange Server 2007 (this works
for Exchange Server 2010 as well), and then check the Exchange
ActiveSync check box. Click Next to continue.
|
5. | In the Publishing Type dialog box, click the Publish a Single Web Site or Load Balancer, and click Next to continue.
|
6. | In the Server Connection Security dialog box, shown in Figure 2,
click the Use SSL to Connect to the Published Web Server or Server Farm
option. This creates an end-to-end SSL connection. Click Next to
continue.
|
7. | For the internal site name, enter the FQDN that clients use to connect to the CAS, as shown in Figure 3.
In this case, the name should match what the external clients use, as
problems can be encountered when using SSL if the names do not match. If
internal DNS does not forward that FQDN to the CAS, you might need to
fool the ISA server by using a hosts file to make it resolve the FQDN to
the CAS. Click Next to continue.
|
8. | Under Public Name Details, enter "This domain name" and then type in the FQDN of the public name, such as mail.companyabc.com. Click Next to continue.
|
9. | For
Web Listener, either choose an existing listener that can be used for
OWA or Outlook Anywhere, or click the New button. This scenario assumes
you are creating a new listener. Click the New button.
|
10. | At
the start of the Web Listener Wizard, enter a descriptive name for the
listener, such as Exchange HTTP/HTTPS Listener, and click Next to
continue.
|
11. | A
prompt appears to choose between SSL and non-SSL. This prompt refers to
the traffic between the client and ISA, which should always be SSL
whenever possible. Click Next to continue.
|
12. | Under Web Listener IP addresses, select the External Network, and leave it at All IP Addresses. Click Next to continue.
|
13. | Under Listener SSL Certificates, click Select Certificate.
|
14. | Select the mail.companyabc.com
certificate. If the certificate is not on the ISA server, it must be
installed into the Certificates store of the ISA server.
|
15. | Click Next to continue.
|
16. | For the type of authentication, choose HTTP Authentication and then check the Basic check box, as shown in Figure 4. Leave Windows (Active Directory) selected, and click Next.
|
17. | Click Next at the Single Sign on Settings dialog box. SSO is not available with Basic authentication.
|
18. | Click Finish to end the wizard.
|
19. | Click Next after the new listener is displayed in the Web Listener dialog box.
|
20. | Under
Authentication Delegation, choose Basic from the drop-down list. Basic
is used as the secured transport mechanism chosen. Click Next to
continue.
|
21. | Under
User Sets, leave All Authenticated Users selected. In stricter
scenarios, only specific AD groups can be granted rights to OWA using
this setting. In this case, the default is fine. Click Next to continue.
|
22. | Click Finish to end the wizard.
|
23. | Click Apply in the details pane, and then click OK when you are finished to commit the changes.
|