5. Of course, ISA can do more, but it is this capacity
to do specific jobs very well that bodes well for ISA??™s acceptance among the overall security
industry.
For additional reading on this concept, see Chapter 7.
Deploying ISA Server 2006 in a RADIUS Authentication Environment
ISA Server 2006 supports authentication and logging against a Remote Authentication
Dial-In User Service (RADIUS) environment, allowing for security integration in environments
with an existing investment in RADIUS technologies. By providing this support, ISA
also allows for scenarios where the ISA server is not a Windows NT/AD Domain Member.
This decreases the overall threat associated with deploying an ISA server in certain circumstances,
such as when it is deployed in the DMZ network of an existing firewall.
Exchange Mailbox
Servers
Network Load
Balancing (NLB)
Cluster of Exchange
OWA (CAS) Servers
Active Directory
Domain Controllers
Web Server
(for HTTP
Redirection
to SSL)
ISA Server
Existing
Firewall Firewall rule:
SSL (443) from External to ISA
HTTP (80) from External to ISA
Firewall rule:
SSL (443) from ISA to Exchange CAS
NLB Cluster IP Address
Internet DMZ Network
Internal Nework
FIGURE 1.
Pages:
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113