Microsoft KB Archive/837834

= How to publish an SSL Web site by using SSL tunneling in ISA Server 2004 =

Article ID: 837834

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition

-







For a Microsoft Internet Security and Acceleration Server 2000 version of this article, see 298900.



INTRODUCTION
This article describes how to use a server publishing rule to publish a Secure Sockets Layer (SSL) Web site in Microsoft Internet Security and Acceleration (ISA) Server 2004. You can publish an SSL Web site in many ways. For example, you can use SSL bridging to publish an SSL Web site. However, the SSL bridging method requires you to move the SSL Web site certificate to the computer that is running ISA Server.

You can also use SSL tunneling to publish an SSL Web site. The SSL tunneling method does not require you to move the SSL Web site certificate from the internal Web server computer. This method maps port 443 on the external interface of the ISA Server-based computer to the internal Web server on port 443. This method is described in this article.



MORE INFORMATION
To use SSL tunneling to publish an SSL Web site in ISA Server 2004, follow these steps:
 * 1) Start ISA Server Management.
 * 2) Expand  , where   is the name of your ISA Server-based computer, and then click Firewall Policy.
 * 3) Click the Tasks tab, and then click Publish a Secure Web Server.
 * 4) In the SSL Web publishing rule name box, type a descriptive name for this rule, and then click Next.
 * 5) Click SSL Tunneling, and then click Next.
 * 6) In the Server IP address box, type the IP address of the Web server where you want to publish the Web site, and then click Next.
 * 7) Click to select the check box that corresponds to the network that you want ISA Server to listen to for Hypertext Transfer Protocol Secure (HTTPS) requests. For example, to cause ISA Server to listen on the external network, click to select the External check box.
 * 8) Click Next, and then click Finish.
 * 9) Click Apply to update the firewall policy, and then click OK.

The SSL Web site is now available on the external IP address of the ISA Server-based computer. You may have to make host record changes on your externally-accessible DNS server to map the IP address of the ISA Server-based computer's external interface to the host record of the SSL Web site.

For additional information about how to publish a SSL Web site, see the &quot;SSL Bridging and Tunneling&quot; topic in ISA Server 2004 Help.

Keywords: kbhowto kbinfo kbfirewall kbisa2006swept KB837834

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.