|ISA Server is a full-featured product that provides Internet security and acceleration functions for your internal clients, but as you are well aware, the reverse is also true. ISA Server can be used to allow inbound connections for external clients who need to access information on your network. This may include corporate clients or even Internet clients accessing your Web site.|
Regardless of your inbound needs or configuration scenarios, ISA Server can be used to allow inbound connections and manage them with a variety of features that will meet both your connectivity needs as well as security needs.
In order for ISA Server to accept incoming requests, listeners must be configured on the server or array. The listener(s) determine what IP address and port ISA Server uses to listen for incoming Web requests. Once you have configured the listener, you can then determine how ISA Server handles the incoming requests both through security configuration as well as policies. Unless you explicitly enable / configure listeners on a server or array, ISA Server does not listen for connections and none are made.
Curt Simmons is the Author of ‘Microsoft Internet Security and Acceleration Server 2000 Study Guide : Exam 70-227 ( Certification Study Guides)‘
Curt Simmons is also the Author of ‘Microsoft ISA Configuration and Administration ‘
To configure these options, you access the server or array’s Incoming Web Requests tab found on the server / array’s properties sheets, as shown in Figure 1. If you choose to use the same listener configuration for all IP addresses, then by default, ISA Server listens on all IP addresses for incoming Web requests and uses Integrated authentication on TCP port 80. If you need to use SSL listeners, port 443 is used.
However, you may need to configure listeners on an individual basis. For example, let’s say that you have an array of five ISA Servers. However, you only want two of those servers to listen on their external IP addresses for incoming Web requests. In order to configure the array in this manner, select the “configure listeners individually…” radio button, and then click the Add button. This opens the Add/Edit Listeners window where you can configure the desired servers and IP addresses as needed for your array, as seen in Figure 2.
Once you have configured listeners as needed for your incoming requests, pay attention to the Connection Settings options at the bottom of the Incoming Web Requests tab. You have two check box options. The first requires that unauthenticated users be asked for identification. Essentially, all Web requests must be authenticated using the authentication method configured for the listener. The second option uses CARP to resolve requests within the array before routing. For example, let’s say you are using an array of ISA Servers in front of your company Web server. Since reverse caching can function for Internet clients, you should enable this check box so that Web pages from your Web server are cached on the array. The resolve requests check box option essentially “turns on” reverse caching for the array and each member to access the cache of the other array members in order to fulfill Web requests. Without this option selected, each server works only with its own physical cache – not the entire array.
Finally, you see a Configure button on the Incoming Web Requests tab. This opens the Connection Settings dialog box that enables you to set a maximum number of connections if desired. By default, the “unlimited” radio button is selected and the connection timeout value is 120 seconds. You can use this dialog box to change this behavior if necessary.