We have an ISA Server 2006 Ent. Edition, configured as VPN gateway, Internet sharing server and firewall, and we just purchased mIAG 500. We have a single public IP address, which is configured on the ISA Server external interface (Internet). Our question is how we can configure mIAG to work together with ISA Server with the same public IP address. Thank you in advance.
From: United Kingdom
Ideally you would put IAG in parallel to your existing ISA Server, however you would need an additional public IP address for this.
I think IAG needs two interfaces to function correctly, otherwise you could simply connect it to your LAN and then server publish it using the HTTPS Server option.
You may need to look at creating a perimeter (DMZ) network on the ISA Server and then installing IAG in "bridging mode" between the DMZ and the internal network. The external interface of IAG will be in the DMZ and the internal interface will be on the Internal network. You can then server publish IAG as discussed above.
We are a small company in Spain who has recently acquired a mISA 1200 and a mIAG 1200. We hope to accomplish the following with these devices:
1. Publish OWA via the Portal
2. Publish WSS via the Portal
3. Let remote users continue to use RPC over HTTPS via the Portal
4. Let remote users continue to use ActiveSync via the Portal
5. Maintain the site-to-site VPN with a branch office.
Currently we have an ISA 2006 doing all this but this server must be decommissioned and therefore we have decided to go with the appliances.
The network is pretty simple (I wish I could upload a picture though.) We have a FR circuit terminating on a Cisco router that has the only public IP we have. The router is simply forwarding all traffic to the ISA server, which is on a private LAN 192.168.1.x.
Here is my plan. I need feedback because I have never touched an ISA server in my life, but I am very familiar with other firewalls and networking.
1. I have created a portal on the mIAG using port 4443 (this is on purpose ... keep reading)
2. I am publishing the apps the best I can with the documentation I can find on the Internet and from the hardware provider.
3. I am (still) trying to get the ISP to forward all traffic with destination tcp 4443 to the mIAG box. This way I can see how I am doing from the Outside and not affect production.
4. Once I am happy things work the way we want I will have the ISP change the port to 443 so all SSL traffic goes to the mIAG and hopefully we are flying.
I will stop there because I'd like to hear opinions. I still have no idea how we are gonna swap out the ISA server for the mISA, which will really only take care of the site-to-site VPN. If you are wondering why we got the mISA at all, it is because according to the hardware vendor, you cannot use the site-to-site VPN capabilities of the mIAG because of license issues.
Thanks for any tips and good documentation you might have. Also if anyone knows of a good forum for these devices, please let me know.
Thanks for your reply, Tom. I am on my own here in Granada, Spain, and I am pretty sure I am one of the first people in Spain who has these appliances. I am trying to do this with documentation I can find on the web and that's it.