Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Discuss the IAG 2007 articles
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discuss the IAG 2007 articles - 11.Jun.2008 3:03:25 AM
|
|
|
Osman
Posts: 1
Joined: 11.Jun.2008
Status: offline
|
Hi
We have an ISA server 2006 Ent. Edition, Configured as VPN Gateway,Internet sharing server,-Firewall : and we just purchased mIAG 500.
We have single Public IP Address which configured on ISA Server External Interface(Internet). our question how we can configure mIAG to work together with isa server with the same Public IP address.
Thank you in advance
|
|
|
|
|
RE: Discuss the IAG 2007 articles - 11.Jun.2008 4:15:42 AM
|
|
|
Jason Jones
Posts: 3089
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
|
Ideally you would put IAG in parallel to your existing ISA Server, however you would need an addtional public IP address for this.
I think IAG needs two interfaces to function correctly, otherwise you could simply conenct it to you LAN and then server publish it using the HTTPS Server option.
You may need to look at creating a perimeter (DMZ) network on the ISA Server and then installing IAG in "bridging mode" between the DMZ and the internal network. The external interface of IAG will be in the DMZ and the internal interface will be on the Internal network. You can then server publish IAG as discussed above.
Hope this helps...
Cheers
JJ
_____________________________
Jason Jones | Forefront MVP | Silversands Ltd
My Blog: http://blog.msfirewall.org.uk/
|
|
|
|
|
RE: Discuss the IAG 2007 articles - 20.Aug.2008 10:09:10 AM
|
|
|
Pete89
Posts: 21
Joined: 20.Aug.2008
From: Granada Spain
Status: offline
|
Hello,
This is my first post to the group.
We are a small company in Spain who has recently acquired a mISA 1200 and a mIAG 1200. We hope to accomplish the following with these devices:
1. Publish OWA via the Portal
2. Publish WSS via the Portal
3. Let remote users continue to use RPC over HTTPS via the Portal
4. Let remote users continue to use ActiveSync via the Portal
5. Maintain the site-to-site VPN with a branch office.
Currently we have a ISA 2006 doing all this but this server must be decommissioned and therefore we have decided to go with the appliances.
The network is pretty simple (I wish I could upload a picture though.) We have a FR circuit terminating on a Cisco router that has the only public IP we have. The router is simply forwarding all traffic to the ISA server which is on a private LAN 192.168.1.x
Here is my plan. I need feedback because I have never touched and ISA server in my life, but I am very familiar with other firewalls and networking.
1. I have created a portal on the mIAG using port 4443 (this is on purpose ... keep reading)
2. I am publishing the apps the best I can with the documentation I can find on the Internet and from the hardware provider.
3. I am (still) trying to get the ISP to forward all traffic with destination tcp 4443 to the mIAG box. This way I can see how I am doing from the Outside and not affect production.
4. Once I am happy things work the way we want I will have the ISP change the port to 443 so all SSL traffic goes to the mIAG and hopefully we are flying.
I will stop there because I'd like to hear opinions. I still have no idea how we are gonna swap out the ISA server for the mISA, which will really only take care of the site-to-site VPN. If you are wondering why we got the mISA at all, it is because according to the hardware vendor, you cannot use the site-to-site VPN capabilities of the mIAG because of license issues.
Thanks for any tips and good documentation you might have. Also if anyone knows of a good forum for these devices, please let me know.
P.
|
|
|
|
|
RE: Discuss the IAG 2007 articles - 21.Aug.2008 9:11:43 AM
|
|
|
tshinder
Posts: 48577
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pete,
That's correct. You need to keep the ISA firewall for the site to site VPN.
Check the Microsoft tech library for the IAG for detailed information.
If you're in the US, my company Prowess Consulting can work with you if you need consultative help.
I'm trying to get an IAG forum up here, so stay tuned.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discuss the IAG 2007 articles - 21.Aug.2008 9:17:47 AM
|
|
|
Pete89
Posts: 21
Joined: 20.Aug.2008
From: Granada Spain
Status: offline
|
Thanks for your reply Tom. I am on my own here in Granada Spain, and I am pretty sure I am one of the first people in Spain who has these appliances. I am trying to do this with documentation I can find on the web and that's it.
Thanks,
Pete
|
|
|
|
|
RE: Discuss the IAG 2007 articles - 21.Aug.2008 9:41:02 AM
|
|
|
Pete89
Posts: 21
Joined: 20.Aug.2008
From: Granada Spain
Status: offline
|
OK Tom thanks for giving me the thumbs up on my idea. And if you ever come to Spain, I'll buy you a beer.
Thanks again,
Pete
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
