Correct, but the question of "multiple SSL sites" applies to IAG as well as any other Windows-based, SSL-enabled server. You can have only one certificate associated with a specific listener. What you do through that session is a completely different question.
RFC 4366 server name indication potentially applies to any SSL-based server- not just web services. In theory, you could have a single SMTPS server serving multiple identities via this same mechanism. Jim -----Original Message----- From: Devin Ganger [mailto:[EMAIL PROTECTED] Sent: Friday, May 30, 2008 12:08 PM To: Jim Harrison; Kelly Martinez; [email protected] Subject: RE: ISA as a proxy AFAIK, IAG does not use RFC 4366; it's an application-level SSL VPN that performs SSL bridging to allow the same effect. The RFC 4366 "Server Name Indication" mechanism (section 3.1) allows a single web server to host multiple SSL-protected sites off the same IP/port combination. IAG is a separate appliance in your perimeter and can allow users to use a single SSL/TLS browser connection to reach multiple internal websites that probably are not on the same physical server, such as OWA, SharePoint, and others. -- Devin L. Ganger, Exchange MVP Email: [EMAIL PROTECTED] 3Sharp Phone: 425.882.1032 14700 NE 95th Suite 210 Cell: 425.239.2575 Redmond, WA 98052 Fax: 425.558.5710 (e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/ -----Original Message----- From: Jim Harrison [mailto:[EMAIL PROTECTED] Sent: Friday, May 30, 2008 11:57 AM To: Devin Ganger; Kelly Martinez; [email protected] Subject: RE: ISA as a proxy ..to be clear; no Windows server application has this ability. RFC 4366 "Server Name Indication" is not implemented in the server side of SChannel. Vista / WS08 SChannel have it and IE knows how to use it. Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Devin Ganger Sent: Friday, May 30, 2008 10:57 AM To: Kelly Martinez; [email protected] Subject: RE: ISA as a proxy Yes, ISA supports publishing multiple web sites (secure or otherwise). Note, however, that if you're trying to publish multiple SSL sites you will need to place them on separate combinations of external ports and IP addresses (that is, a separate IP address for each site on port 443, a single IP address for all sites on separate ports, or some combination thereof) -- ISA does not have the built-in ability to concentrate multiple SSL sites into one external port/IP address. The Microsoft Internet Application Gateway appliance (formerly Whale Communications) does have that functionality, as another poster mentioned; it's built on top of ISA and is specifically designed for that scenario while providing a whole bunch of other cool functionality. -- Devin L. Ganger, Exchange MVP Email: [EMAIL PROTECTED] 3Sharp Phone: 425.882.1032 14700 NE 95th Suite 210 Cell: 425.239.2575 Redmond, WA 98052 Fax: 425.558.5710 (e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Martinez Sent: Friday, May 30, 2008 8:51 AM To: [email protected] Subject: RE: ISA as a proxy So I guess I have a question on ISA as a reverse proxy (as I'm not too familiar with the product). Does ISA support HTTPS/SSL through the proxy? How about to separate servers? Kelly -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillermo Fontana Sent: Friday, May 30, 2008 12:05 AM To: [email protected] Subject: Re: ISA as a proxy Hello I have been using ISA 2006 as a web proxy for a year or so. It is used also as a reverse proxy (web publishing), and so far it's a stable product without any problems. It is important to dimension the size of the cache in advance so you don't have to resize it later. I'm currently using aprox. 30 GB and it's a fine size for 120 users. Regards, Willy On Wed, May 28, 2008 at 3:19 AM, <[EMAIL PROTECTED]> wrote: > > hi > > i was wandering if anyone has any experiance with ISA 2006 functioning as a proxy and what are the conclusions > > > thanks
