Install & Configure ISA server 2006 for MOSS 2007 Environment: “SharePoint Publishing Rule”


Note: I have used this setup for internal testing purpose. This configuration might be different in a production environment.

Step1: Prerequisite for Installing ISA server 2006:

We need to have 2 Network Adapters configured.

Rename one of the Network Adapter to Internal & the other to External.Just for identification.

The Key point to note that we don’t have a Default Gateway or DNS server specified for External adapter. This is the configuration we need to have for the ISA server route the packets correctly.

clip_image002[4]

Step2: Now that we have the network Adapter setup, we can now install ISA server 2006

We can have the ISA server within the MOSS domain or within a workgroup, but need to make sure the internal NIC is able to access the MOSS server thru an IP or ServerName.

clip_image004[4]

While Installing ISA server we need to install both the Server Services and configuration Storage Server.

clip_image006[4]

Use the default configuration settings provided by the step up and continue.

Now you would be provided with the below option to select the Internal Network. Make sure to select the Internal network.

clip_image008[4]

Click on ADD à Add Adapter à Select Internal network Adapter.

clip_image010[4]

Use the default configuration settings provided by the step up and continue to finish the installation.

Step3: Now that we have the ISA server installed we need to configure a few Firewall rules

Firewall Rule to allow all protocol communication:

We need to create an Access rule to allow RDP and Ping. So usually I would allow all protocol to communicate with ISA server to the outside world.

clip_image012[4]

clip_image014[4]

clip_image016[4]

We need to select both External and the Internal network for communication. And this applies to both traffic originating and traffic sent to.

clip_image018[4]

clip_image020[4]

clip_image022[4]

Now we are going to configure SharePoint Publishing Firewall Rule: We are not using SLL termination!!

clip_image024[4]

clip_image026[4]

clip_image028[4]

Internal Site Name: Is the MOSS Site address only without the port number. For E.g. let’s say that we have a moss site http://lc1-6a06:8080 the Internal Site Address would be only http://lc1-6a06 without the port number. We need to bridge the port number in the later wizard.

The Computer Name: is the MOSS Servers IP or the customer name. I would prefer gving the IP if the ISA server is not part of the MOSS Domain.

clip_image030[4]

The Accept Request should be “This domain Name”

And Public name is the external URL of the MOSS site which the client would use to access the MOSS Site.

clip_image032[4]

We need to configure a Listener for the SharePoint Publishing Rule:

clip_image034[4]

Click on New to create a listener.


clip_image036[4]

clip_image038[4]

clip_image040[4]

clip_image042[4]

Click on Next and finish the listener creation.

Now we continue creating the publishing rule.

clip_image044[4]

clip_image046[4]

My AAM look like :

http://lc1-6a06:8080 Default http://www.externalurl.domain.com
http://www.externalurl.domain.com:8080 Default http://www.externalurl.domain.com

http://www.externalurl.domain.com Default http://www.externalurl.domain.com

clip_image048[4]

We use All User to allow any user to connect to the ISA server for any requests.

Click next and finish the Publishing rule.

Once we have created the Publishing rule we need change few settings:

Changing the bridging info

We need to make sure have port 8080 for HTTP port since our site is running under 8080 in the MOSS Server. So the ISA server bridges the port 80 from external to port 8080 internally.

clip_image050[4]

We need to change the publishing rule to allow

Go to the Properties of the Publishing Rule à Listener àproperties à Authentication à Advance .

Make sure to have checked the “Allow client Authentication over HTTP”

clip_image052[4]

This completes the configuring ISA Server 2006 with the Publishing Rule.

clip_image054[4]

Now try to access the SharePoint site from the client. If you get prompted for credentials then the publishing rule is working.


Comments (2)

  1. cmmahesh says:

    Query from a user…

    We’re trying to determine if what we’re doing is possible and we have a configuration issue with ISA, or if what we’re trying to do is not possible.

    We have a MOSS 2007 environment set up behind an ISA firewall.  We’re using ISA for html authentication.  We have internal customers who want individually branded login sites.  We have one listener that catches the requests on port 80 for our MOSS front end and we were going to set up different web publishing rules for each site, using the custom html forms for each rule.  We followed the guidelines in this Microsoft article (http://technet.microsoft.com/en-us/library/bb794733.aspx) , but in each instance we get the standard ISA login.  If we make the change at the web listener then the custom form is used, but it’s used for all the web publishing rules.

    Thanks for any advice!

  2. cmmahesh says:

    Custom forms can be used in two places

    • Web listener

    • Web Publishing Rule

    I am assuming that you have configured it on web listener,  for now let’s not configure Custom form on web listener and leave it default.

    Instead under the respective web publishing rules, “Applications Settings” Tab should be specified with the forms directory.

Skip to main content