Note: I have used this setup for internal testing purpose. This configuration might be different in a production environment.
Step1: Prerequisite for Installing ISA server 2006:
We need to have 2 Network Adapters configured.
Rename one of the Network Adapter to Internal & the other to External.Just for identification.
The Key point to note that we don’t have a Default Gateway or DNS server specified for External adapter. This is the configuration we need to have for the ISA server route the packets correctly.
Step2: Now that we have the network Adapter setup, we can now install ISA server 2006
We can have the ISA server within the MOSS domain or within a workgroup, but need to make sure the internal NIC is able to access the MOSS server thru an IP or ServerName.
While Installing ISA server we need to install both the Server Services and configuration Storage Server.
Use the default configuration settings provided by the step up and continue.
Now you would be provided with the below option to select the Internal Network. Make sure to select the Internal network.
Click on ADD à Add Adapter à Select Internal network Adapter.
Use the default configuration settings provided by the step up and continue to finish the installation.
Step3: Now that we have the ISA server installed we need to configure a few Firewall rules
Firewall Rule to allow all protocol communication:
We need to create an Access rule to allow RDP and Ping. So usually I would allow all protocol to communicate with ISA server to the outside world.
We need to select both External and the Internal network for communication. And this applies to both traffic originating and traffic sent to.
Now we are going to configure SharePoint Publishing Firewall Rule: We are not using SLL termination!!
Internal Site Name: Is the MOSS Site address only without the port number. For E.g. let’s say that we have a moss site http://lc1-6a06:8080 the Internal Site Address would be only http://lc1-6a06 without the port number. We need to bridge the port number in the later wizard.
The Computer Name: is the MOSS Servers IP or the customer name. I would prefer gving the IP if the ISA server is not part of the MOSS Domain.
The Accept Request should be “This domain Name”
And Public name is the external URL of the MOSS site which the client would use to access the MOSS Site.
We need to configure a Listener for the SharePoint Publishing Rule:
Click on New to create a listener.
Click on Next and finish the listener creation.
Now we continue creating the publishing rule.
My AAM look like :
http://lc1-6a06:8080 Default http://www.externalurl.domain.com
http://www.externalurl.domain.com:8080 Default http://www.externalurl.domain.com
http://www.externalurl.domain.com Default http://www.externalurl.domain.com
We use All User to allow any user to connect to the ISA server for any requests.
Click next and finish the Publishing rule.
Once we have created the Publishing rule we need change few settings:
Changing the bridging info
We need to make sure have port 8080 for HTTP port since our site is running under 8080 in the MOSS Server. So the ISA server bridges the port 80 from external to port 8080 internally.
We need to change the publishing rule to allow
Go to the Properties of the Publishing Rule à Listener àproperties à Authentication à Advance .
Make sure to have checked the “Allow client Authentication over HTTP”
This completes the configuring ISA Server 2006 with the Publishing Rule.
Now try to access the SharePoint site from the client. If you get prompted for credentials then the publishing rule is working.