To receive email from the Internet or to sign in to OWA from the Internet, Exchange must be published through the reverse proxy. This first requires configuring port mapping on the router: map the ports Exchange needs to the TMG server, and let TMG forward them to the CAS or Edge server. The ports to open are 25, 443, and 587. Once the ports are mapped to TMG, Exchange must be published on TMG, including SMTP, OWA, ActiveSync, and Outlook Anywhere. If SMTP is not published, the client cannot receive mail.
We publish OWA first. OWA uses port 443 by default, so we only need to publish HTTPS. There are two publishing methods: HTTP tunnel mode and HTTP bridge mode. The difference is that bridge mode is safer and lets TMG parse the mail content, while tunnel mode only does simple forwarding. Bridge mode is used here.
To publish OWA in bridge mode, TMG must trust the enterprise CA, and the Exchange certificate must be imported into TMG together with its private key so that TMG can parse the encrypted mail content.
Importing the certificate is not difficult. Because the certificate was exported earlier, it can simply be imported. Because TMG has joined the domain, it already trusts the CA and can resolve the domain names, so the prerequisites are met and we can publish OWA directly. The steps for publishing ActiveSync and OWA are basically the same, so I will not write a separate article; this article points out the differences between publishing OWA and publishing ActiveSync. First, let's look at how to publish OWA.
1. First, log on to TMG, create a firewall policy, and select the Exchange Web Client Access Publishing rule.
2. Enter the rule name
3. Select the Exchange version. Choose 2010 here because there is no 2013 option; there is basically no difference. Then select OWA. This choice is basically the difference between publishing OWA and publishing ActiveSync.
4. Go to the next step.
5. Use SSL to connect to the published web server or server farm
6. Enter the internal site name, and then enter the NLB address of CAS below
7. For the accepted domain name, enter the Internet domain name.
8. Create a Web Listener
9. Enter the Web Listener name
10. Next Step
11. Select an external listener address.
12. For the certificate, select the Exchange certificate imported earlier.
13. Select No Authentication.
14. Next Step
15. Web Listener created
16. Go back to the previous wizard and click Next.
17. Select no delegation.
18. Apply the rule to all users.
19. Completed
20. Enter the Internet address to access OWA. Of course, you need to set the MX record and A record in the Internet DNS.
21. If ActiveSync is selected for the new rule, Exchange ActiveSync is published. The difference is the virtual directory. After publishing Exchange ActiveSync, you can connect to Exchange with your mobile phone. The following figure shows the effect.
Okay, this is the process of publishing Exchange ActiveSync and OWA on TMG.
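A post-publication check for the rule built above, as an added example that is not part of the original article: it tests which of the mapped ports (25, 443, 587) answer from outside and whether the certificate on the web listener covers the public names clients will use. The host `mail.example.com`, the function names and the optional `cafile` (the enterprise CA root exported as PEM) are assumptions.

```python
import socket
import ssl
import time

PUBLISHED_PORTS = (25, 443, 587)  # ports the article maps through to TMG

def name_matches(pattern, host):
    """Match one certificate DNS name; '*' covers exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def review_cert(cert, public_names, now=None, warn_days=30):
    """cert is the dict from SSLSocket.getpeercert(); returns a list of findings."""
    now = time.time() if now is None else now
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    findings = [f"{n}: not covered by listener certificate" for n in public_names
                if not any(name_matches(s, n) for s in sans)]
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    return findings

def open_ports(host, ports=PUBLISHED_PORTS, timeout=5):
    """Ports that accept a TCP connection from this vantage point."""
    reachable = []
    for port in ports:
        try:
            socket.create_connection((host, port), timeout=timeout).close()
            reachable.append(port)
        except OSError:
            pass
    return reachable

def listener_cert(host, port=443, cafile=None, timeout=5):
    """Fetch the certificate the web listener presents; chain is validated."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: enterprise CA root (assumed PEM)
    ctx.check_hostname = False  # names are reviewed separately by review_cert()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    host = "mail.example.com"  # placeholder public name, not from the article
    print("reachable:", open_ports(host))
    print("findings:", review_cert(listener_cert(host), [host]))
```

Run it from a machine outside the network so the result reflects the router mapping and the TMG rule rather than internal routing.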
This article is from the "Just make it happen" blog; please be sure to keep this source: http://mxyit.blog.51cto.com/4308871/1554414
Release OWA and exchange ActiveSync from exchange to Office 365 series (11)