We have been using OWA2000 for a few years now. The front end server sits in a DMZ and communicates to the backend server with a very painfully developed access list. In addition, you need two factor authentication to even get to the login screen.
I recently attended a Microsoft presentation of the new architecture of Outlook 2007. The one thing that stuck out to me was that you can no longer put the front end server in a DMZ. It has to be on the internal network. The recommended way to publish OWA is ISA2006. I don't currently have ISA2006 anywhere in my network and we are a very heavy Cisco shop. What options do I have for publishing OWA? Purchasing ISA2006 for this one application seems a bit overkill. Any help or guidance would be appreciated. Google turns up lots of hits for doing this with ISA but doesn't give any alternative. Randy Hall - Sr. Security Engineer - CISSPĀ The Virginian Pilot - (757) 446-2754
