• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discuss the IAG 2007 articles

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Appliances >> Discuss the IAG 2007 articles Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discuss the IAG 2007 articles - 4.May2007 10:55:50 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread if for discussing the IAG 2007 article series.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: Discuss the IAG 2007 articles - 11.Jun.2008 3:03:25 AM   
Osman

 

Posts: 1
Joined: 11.Jun.2008
Status: offline
Hi

We have an ISA server 2006 Ent. Edition, Configured as VPN Gateway,Internet sharing server,-Firewall : and we just purchased mIAG 500.
We have single Public IP Address which configured on ISA Server External Interface(Internet). our question how we can configure mIAG to work together with isa server with the same Public IP address.
Thank you in advance

(in reply to tshinder)
Post #: 2
RE: Discuss the IAG 2007 articles - 11.Jun.2008 4:15:42 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Ideally you would put IAG in parallel to your existing ISA Server, however you would need an addtional public IP address for this.

I think IAG needs two interfaces to function correctly, otherwise you could simply conenct it to you LAN and then server publish it using the HTTPS Server option.

You may need to look at creating a perimeter (DMZ) network on the ISA Server and then installing IAG in "bridging mode" between the DMZ and the internal network. The external interface of IAG will be in the DMZ and the internal interface will be on the Internal network. You can then server publish IAG as discussed above.

Hope this helps...

Cheers

JJ  

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Osman)
Post #: 3
RE: Discuss the IAG 2007 articles - 20.Aug.2008 10:09:10 AM   
Pete89

 

Posts: 21
Joined: 20.Aug.2008
From: Granada Spain
Status: offline
Hello,

This is my first post to the group.

We are a small company in Spain who has recently acquired a mISA 1200 and a mIAG 1200. We hope to accomplish the following with these devices:

1. Publish OWA via the Portal
2. Publish WSS via the Portal
3. Let remote users continue to use RPC over HTTPS via the Portal
4. Let remote users continue to use ActiveSync via the Portal
5. Maintain the site-to-site VPN with a branch office.

Currently we have a ISA 2006 doing all this but this server must be decommissioned and therefore we have decided to go with the appliances.

The network is pretty simple (I wish I could upload a picture though.) We have a FR circuit terminating on a Cisco router that has the only public IP we have. The router is simply forwarding all traffic to the ISA server which is on a private LAN 192.168.1.x

Here is my plan. I need feedback because I have never touched and ISA server in my life, but I am very familiar with other firewalls and networking.

1. I have created a portal on the mIAG using port 4443 (this is on purpose ... keep reading)
2. I am publishing the apps the best I can with the documentation I can find on the Internet and from the hardware provider.
3. I am (still) trying to get the ISP to forward all traffic with destination tcp 4443 to the mIAG box. This way I can see how I am doing from the Outside and not affect production.
4. Once I am happy things work the way we want I will have the ISP change the port to 443 so all SSL traffic goes to the mIAG and hopefully we are flying.

I will stop there because I'd like to hear opinions. I still have no idea how we are gonna swap out the ISA server for the mISA, which will really only take care of the site-to-site VPN. If you are wondering why we got the mISA at all, it is because according to the hardware vendor, you cannot use the site-to-site VPN capabilities of the mIAG because of license issues.

Thanks for any tips and good documentation you might have. Also if anyone knows of a good forum for these devices, please let me know.

P.

(in reply to Jason Jones)
Post #: 4
RE: Discuss the IAG 2007 articles - 21.Aug.2008 9:11:43 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

That's correct. You need to keep the ISA firewall for the site to site VPN.

Check the Microsoft tech library for the IAG for detailed information.

If you're in the US, my company Prowess Consulting can work with you if you need consultative help.

I'm trying to get an IAG forum up here, so stay tuned.

Thanks!
Tom



_____________________________

Thomas W Shinder, M.D.

(in reply to Pete89)
Post #: 5
RE: Discuss the IAG 2007 articles - 21.Aug.2008 9:17:47 AM   
Pete89

 

Posts: 21
Joined: 20.Aug.2008
From: Granada Spain
Status: offline
Thanks for your reply Tom. I am on my own here in Granada Spain, and I am pretty sure I am one of the first people in Spain who has these appliances. I am trying to do this with documentation I can find on the web and that's it.

Thanks,

Pete

(in reply to tshinder)
Post #: 6
RE: Discuss the IAG 2007 articles - 21.Aug.2008 9:37:35 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

Well, Spain a little far away from Texas, so I don't think we'll be able to come on site

You shouldn't have too many problems. The trunk can be configured to use 4443 while you're testing, and then later you can change the port for the trunk to use 443.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Pete89)
Post #: 7
RE: Discuss the IAG 2007 articles - 21.Aug.2008 9:41:02 AM   
Pete89

 

Posts: 21
Joined: 20.Aug.2008
From: Granada Spain
Status: offline
OK Tom thanks for giving me the thumbs up on my idea. And if you ever come to Spain, I'll buy you a beer.

Thanks again,

Pete

(in reply to tshinder)
Post #: 8
RE: Discuss the IAG 2007 articles - 22.Aug.2008 9:22:01 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

Thanks! I just might take you up on that beer someday :)

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Pete89)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Appliances >> Discuss the IAG 2007 articles Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts