Welcome to ISAserver.org

Help with Infrastructure

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Help with Infrastructure

Page: [1]

Message

<< Older Topic Newer Topic >>

Help with Infrastructure - 30.Jan.2008 6:34:49 AM

The ISA Newbie

Posts: 19
Joined: 12.Dec.2007
Status: offline

Hi

I have almost everything running as i want it to in my test enviroment, but only almost.

This is a picture of my current setup.

Only problem i really have now is how to set up the "Net-U" part.
Since it has another ip range than my working "Guest network" ive tried adding another network to my network sets, but this didnt work since my ISA server just counted my 10.1.224.0 addresses for spoofed

Ive tried "Route Add" in cmd with no luck.

Switches/Routers are Cisco equipment (Catalyst 2900/2600 Series)

Internal connection works, i can ping from one network to another
Can see the DNS requests on my ISA server from 10.1.224.0, but nothing happens further, not even with All Users allowed to connect to the internet.

My biggest wish is to somehow allow all users from my Net-U domain to gain access through my ISA firewall when they have logged on Net-U with their AD username/password.

How can i get this to work?
Which Network design should i use?
Do i have to make my ISA server a domain member to refer to Net-U with authentication?
Can i use 2 network sets and get the server to see 10.1.224.0 as not spoofed?

Please send me a PM or reply to this post with any feedback
You are also welcome to add me to MSN: Jesperdb@gmail.com

Thank you

Post #: 1

Featured Links*

RE: Help with Infrastructure - 30.Jan.2008 1:12:15 PM

Rotorblade

Posts: 963
Joined: 27.Feb.2007
Status: offline

Hi,

With your current config:

#1 Make sure that you have included and defined the IP range of the 10.1.224.0 network in the ISA's Internal Network Objects IP range.

#2 Create a persistent static mapping on the ISA server for the 10.1.224.0 network.

quote:

My biggest wish is to somehow allow all users from my Net-U domain to gain access through my ISA firewall when they have logged on Net-U with their AD username/password.

I think we have had this conversation before. Simple solution is to add another NIC to the ISA and isolate the two networks. Your ISA should be part of the domain so you can authenticate who you want to authenticate and create access rules to require authentication for the domain clients and create other anonymous access rules for the guest network. I think if I recall you wanted to require authentication on both networks. Radius, RSA or Certificate based may be an option there.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to The ISA Newbie)

Post #: 2

RE: Help with Infrastructure - 30.Jan.2008 1:21:08 PM

The ISA Newbie

Posts: 19
Joined: 12.Dec.2007
Status: offline

Hi again RB

Solved the problem on the workgroup network

And thanks for the answer, gonna add another NIC and seperate the networks totally then =)

Cheers

(in reply to Rotorblade)

Post #: 3

RE: Help with Infrastructure - 5.Feb.2008 12:03:21 PM

tshinder

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Newb,

That sounds like a good plan.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to The ISA Newbie)

Post #: 4