Configuring ISA Server 2006 for Exchange Client Access
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
Microsoft Internet Security and Acceleration (ISA) Server 2006 and Microsoft Exchange Server 2007 are designed to work together to provide a more secure messaging environment.
ISA Server 2006 and Exchange 2007
ISA Server acts as an advanced firewall that controls Internet-based traffic between multiple networks that are connected to it through its multi-networking feature. When you deploy ISA Server 2006 for Exchange 2007, ISA Server handles all client requests for Exchange information. This includes incoming and outgoing Internet communication.
Benefits of Using ISA Server 2006 with Exchange 2007
New features for ISA Server 2006 are designed specifically to enhance functionality for Exchange 2007. Table 1 describes these features.
Table 1 New features for ISA Server 2006 and Exchange 2007
| Feature | Description | How To |
|---|---|---|
Web Publishing Load Balancing |
ISA Server 2006 balances the request from the client to an array of published servers. This eliminates the need to deploy Network Load Balancing (NLB) on the published array. |
Web load balancing features are automatically implemented when you publish Outlook Web Access and Outlook Anywhere. Outlook Web Access automatically selects a rule by using cookie-based load balancing. With cookie-based load balancing, all requests related to the same session (the same unique cookie provided by the server in each response) are forwarded to the same server. Outlook Anywhere uses source-IP based load balancing. With source-IP based load balancing, all requests from the same client (source) IP address are forwarded to the same server. Other Exchange services and features such as Exchange ActiveSync must use cookie-based load balancing. This also includes the Exchange services such as the offline address book and the Availability service. |
Link Translation |
Some published Web sites may include references to internal names of computers. Because only the ISA Server 2006 firewall and external namespaces are available to external clients, these references appear as broken links. ISA Server 2006 includes a link translation feature that you can use to create a dictionary of definitions for internal computer names that map to publicly known names. |
ISA Server 2006 implements link translation automatically when you configure Web publishing for Outlook Web Access. |
Secure Sockets Layer (SSL) Bridging Support |
For authenticated and encrypted client access, ISA Server 2006 provides end-to-end security and application layer filtering by using SSL-to-SSL bridging. This means that encrypted data is inspected before it reaches the Exchange server. The ISA Server 2006 firewall decrypts the SSL stream, performs stateful inspection, and then re-encrypts the data and forwards it to the published Web server. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure they are valid. |
ISA Server 2006 implements SSL Bridging Support automatically when you configure Web publishing for Outlook Web Access. |
In addition to the features listed in Table 1, ISA Server 2006 is designed to work specifically with the client access methods that you can use with Exchange 2007.
New Exchange Publishing Rule Wizard
When you deploy ISA Server 2006, you use the New Publishing Rule Wizard on the firewall policy tasks to help you with the settings that must be configured to allow access for the following features:
Outlook Web Access When you deploy ISA Server 2006 for Outlook Web Access, you use the New Exchange Publishing Rule Wizard that is on the Firewall Policy tasks. This new wizard shows the specific settings that must be configured to allow for client access by using Outlook Web Access. For more information about how to configure ISA Server 2006 to use Outlook Web Access, see Using ISA Server 2006 with Outlook Web Access.
Exchange ActiveSync When you deploy ISA Server 2006 for Exchange ActiveSync, you use the New Exchange Publishing Rule Wizard on the Firewall Policy tasks. This new wizard shows you the specific settings that must be configured to allow for Exchange ActiveSync access. Follow the instructions in the New Exchange Publishing Rule Wizard for ISA Server 2006 to configure your Exchange deployment to use Exchange ActiveSync.
Outlook Anywhere When you deploy ISA Server 2006 for Outlook Anywhere, you use the New Exchange Publishing Rule Wizard on the Firewall Policy tasks. This new wizard shows you the specific settings that must be configured to allow for Outlook Anywhere access. Follow the instructions in the New Exchange Publishing Rule Wizard for ISA Server 2006 to configure your Exchange deployment to use Outlook Anywhere.
POP3 and IMAP4 Access When you deploy ISA Server 2006 for POP3 and IMAP4 access to Exchange 2007, you use the New Exchange Publishing Rule Wizard on the Firewall Policy tasks. This new wizard shows you the specific settings that must be configured to allow for POP3 and IMAP4 access. Follow the instructions in the New Exchange Publishing Rule Wizard for ISA Server 2006 to configure your Exchange deployment to use POP3 and IMAP4.