The tricky part is when this packet gets repackaged and sent back to the OWA server.
Many administrators have made the mistake of simply selecting to forward the traffic to
the internal name of the OWA server, such as server20.companyabc.com. The problem
with this is that the SSL traffic then arrives at the OWA server without the proper host
header (mail.companyabc.com). This causes the communications to fail, and the client to
receive an HTTP error that says "Target principal name is incorrect."
194 CHAPTER 7 Deploying ISA Server as a Reverse Proxy in an Existing Firewall DMZ
The key to fixing this is to make sure that the OWA publishing rule is configured to
publish the server name the same way that the SSL Certificate is configured, such as what
is shown in Figure 7.6.
Of course, the real catch to all of this is that the FQDN of the original host header will
either be unresolvable by the ISA server or resolve to the external interface, which sends
the traffic back out the way it came in and is definitely not wanted. Instead, the traffic
needs to be redirected to the internal OWA server through the use of a hosts file on the
ISA server itself.
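The three conditions described above can be checked against a copy of the ISA server's hosts file. The following is an added example, not taken from the book; the addresses 10.10.10.20 (internal OWA server) and 203.0.113.10 (ISA external interface) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of the ISA server's hosts file.
# 10.10.10.20 is an assumed internal address for the OWA server.
SAMPLE_HOSTS = """\
# hosts file on the ISA server (constructed sample)
127.0.0.1      localhost
10.10.10.20    mail.companyabc.com    # internal OWA server
"""

def parse_hosts(text):
    """Return {hostname: ip_address} from hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # skip malformed address lines
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)    # keep the first mapping for a name
    return table

def check_publishing(cert_name, rule_target, hosts_text, external_ip):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    # 1. The publishing rule must use the same name as the SSL certificate,
    #    otherwise OWA receives the wrong host header.
    if rule_target.lower() != cert_name.lower():
        problems.append(f"rule target {rule_target} does not match certificate name {cert_name}")
    # 2. The certificate FQDN must resolve locally on the ISA server.
    ip = parse_hosts(hosts_text).get(cert_name.lower())
    if ip is None:
        problems.append(f"no hosts entry for {cert_name}")
    # 3. The entry must not point back at the ISA external interface.
    elif ip == ipaddress.ip_address(external_ip):
        problems.append(f"hosts entry for {cert_name} points at the external interface")
    return problems

if __name__ == "__main__":
    # The common mistake from the text: forwarding to the internal server name.
    for p in check_publishing("mail.companyabc.com", "server20.companyabc.com",
                              SAMPLE_HOSTS, "203.0.113.10"):
        print("PROBLEM:", p)
```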