The following table describes several of the benefits of using ISA Server 2006 to protect client access through Outlook Anywhere to your Exchange deployment.

ISA Server 2006 features for Exchange ActiveSync

When you deploy ISA Server 2006 to help secure communication from Exchange ActiveSync clients on the Internet to Exchange 2007 computers that have the Client Access server role installed, we recommend that you confirm the following:

• Forms based authentication is not configured on the Exchange Client Access server. When ISA Server 2006 is being used to publish Exchange client access, we recommend forms-based authentication be configured only on the ISA Server computer.
  
  
• A server certificate is installed on the Exchange Client Access server. This certificate can be from an internal certification authority (CA) or a public CA.
  
  
• SSL is required on all Exchange Client Access virtual directories.
  
  

After you confirm these settings, you can configure ISA Server 2006 to provide Exchange ActiveSync access for your clients.

To enable an encrypted channel between the client computer and the ISA Server computer, you first have to install a server certificate on the ISA Server computer. This certificate should be issued by a public certification authority (CA) because it will be accessed by users on the Internet. If a private CA is used, the root certificate from the private CA must be installed on any computer that requires a secure (HTTPS) connection to the ISA Server computer.

For more information about how to install a server certificate on ISA Server 2006, see Publishing Exchange Server 2007 with ISA Server 2006.

After a server certificate is installed on the ISA Server computer, you can run the New Exchange Publishing Rule Wizard. Running the New Exchange Publishing Rule Wizard to provide Exchange ActiveSync access involves the following steps:

1. Create a server farm (optional)   When you have more than one Client Access server within your organization, you can use ISA Server to provide load balancing for these servers. The server farm properties determine the following:
   
   
   • The specific servers included in the farm.
     
     
   • The connectivity verification method that ISA Server will use to verify that the servers are functioning correctly.
     
     
2. Create a Web listener   When you create a Web publishing rule, you must specify a Web listener. The Web listener properties determine the following:
   
   
   • The IP addresses and ports on the specified networks that the ISA Server computer uses to listen for Web requests (HTTP or HTTPS).
     
     
   • Which server certificates to use with IP addresses.
     
     
   • The Authentication method to use.
     
     
   • The number of concurrent connections that are allowed.
     
     
   • Single sign-on (SSO) settings.
     
     
3. Create an Exchange Web client access publishing rule   When you publish an internal Exchange 2007 Client Access server through ISA Server 2006, you are protecting the Web server from direct external access because the name and IP address of the server cannot be viewed by the user. The user accesses the ISA Server computer. The ISA Server computer then forwards the request to the internal Web server according to the conditions of your Web server publishing rule. An Exchange Web client access publishing rule is a Web publishing rule that contains default settings appropriate to Exchange client access.
   
   

For more information about how to use the New Exchange Publishing Rule Wizard, see Microsoft ISA Server 2006.

Important:
There is a software update that is required for ISA Server 2006 before you can publish Exchange Server 2007. For more information about that update, see Update for Publishing Microsoft Exchange Server 2007 for Internet Security and Acceleration (ISA) Server 2006.

For more information about how to configure ISA Server 2006 for client access, see Configuring ISA Server 2006 for Exchange Client Access.