Publish Ex 2K7 with ISA 2K6, single ext IP port forwarded, with UM Certificate
Hi Everyone,

I have set Exchange 2007 up a couple of times now but this is my first time publishing it with ISA 2006. I've added the update for 2K7 to ISA and can create publishing rules OK. My ISA box will also be running GFI MailEssentials when I get the solution working. My OWA is working fine internally but I can't get access externally.

The client's Internet connection is a single static IP so the router is forwarding all required ports to the ISA's external NIC. Monitoring the traffic, I can see my SSL traffic getting to the ISA's external connection and being blocked by the default access rule.

I think the problem may be certificate related. I have purchased and installed a UM certificate with several alternative names. The external A record points to portal.domainname and this certificate is installed on the Exchange server, which also runs IIS for the OWA site. The certificate is activated for the required services. This same certificate is also installed on the ISA box.

I've been told by another engineer I have to use a different certificate on the Exchange box to the ISA server, but I thought this was covered by the different names attached to the certificate.

I intend to publish Outlook Anywhere, OWA and ActiveSync once I have got OWA working. I understand each of these services requires its own rules.

To give you an idea of my setup:

Router (192.168.1.1) >> (192.168.1.4) ISA Ext [---] (192.168.0.4) ISA Int >>> (192.168.0.3) Exchange Server

Currently I have about 10 rules on the ISA box, being SMTP in, RDP in, Access to and from localhost internally, Outgoing DNS and Internal traffic.

I've created an HTTPS Listener which is set to listen to 192.168.1.4 for HTTP and HTTPS (it redirects HTTP to HTTPS), using the portal.domainname certificate with HTML Forms using Windows AD, password change and remind users both enabled, and SSO enabled for their internal domain name.

The OWA Access Rule properties are allow, anywhere; published site is just the Exchange server's NetBIOS name (not FQDN) and the computer name or IP is set to be the FQDN external name, i.e. portal.domainname. Forward host headers are enabled with requests coming from the original client. Traffic is HTTP and HTTPS, Listener is the one detailed above, public name is portal.domainname, paths are default, authentication is basic (matches Exchange server), Application is Exchange, Bridging has Web server selected with redirect to SSL selected.

Why would my listener not pick up on the incoming HTTPS traffic? Have I goofed configuring this? I've found quite a few guides on the web; several of them say exactly the opposite thing should be done when configuring ISA. My concern is to get the thing working. I've been playing with this for ages and the best I've got is the Forms pages from ISA, but that was publishing the Exchange box as 2003 with forms authentication enabled on the Exchange server. No one seems to be talking about publishing Exchange behind ISA with a UM Cert.

Can anyone help me?
October 29th, 2007 4:38pm

Take a look at these documents. You should find all information you need.

http://www.microsoft.com/technet/isa/2006/deployment/exchange.mspx
http://www.msexchange.org/tutorials/Publishing-Exchange-2007-OWA-ISA-Server-2006.html
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part1.html

Deli
October 30th, 2007 2:23am

Hi,

Thanks for the links. I was aware of all three of these articles; in fact I based my deployment on Tom's document even though his deployment is not quite the same as mine. I'm just going over his certificate management information again; hopefully I can get mine to work.

Thanks again for your post.

Ray
November 2nd, 2007 1:32pm

This topic is archived. No further replies will be accepted.
