Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-04-20

You may want to use a reverse proxy server to manage incoming requests to a computer that is running Microsoft Exchange Server 2007 that has the Client Access server role installed or to servers that provide Outlook Web Access. A reverse proxy server provides the following advantages over a direct connection to a Client Access server:

You can use Microsoft Internet Security and Acceleration (ISA) Server as a reverse proxy server.

For more information about how to use ISA Server as a reverse proxy server, see the Microsoft Internet Security and Acceleration Server Web site.

Before You Begin

To perform the following procedure on an ISA Server 2006 computer, the account you use must be delegated the ISA Server Enterprise Administrator role. To configure Outlook Web Access on the Exchange Client Access server, the account you use must be delegated the Exchange Server Administrator role and must be a member of the local Administrators group for the target server.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.


To use ISA Server 2006 to configure a reverse proxy for Outlook Web Access

  1. In the ISA Server 2006 console, use the Publish Exchange Web Client Access wizard to publish Outlook Web Access.

  2. Configure ISA Server to authenticate users when they connect to the Outlook Web Access virtual directories (optional).

    For more information about how to configure ISA Server, see Publishing Exchange Server 2007 with ISA Server 2006.

If you have configured the ISA Server computer to authenticate users, we recommend that you configure the Outlook Web Access virtual directories to use either Integrated Windows authentication or Basic authentication, depending on which type of authentication is required by your organization. When you use Basic authentication or Integrated Windows authentication, users are prompted for their logon information only one time.

Integrated Windows authentication prohibits access to documents on Windows file shares or in Windows SharePoint Services document libraries from Outlook Web Access. If you must access documents from Outlook Web Access, you must use Basic authentication.

For More Information