Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA2006 in DMZ - Single NIC/IP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> ISA2006 in DMZ - Single NIC/IP Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA2006 in DMZ - Single NIC/IP - 28.Nov.2007 2:04:49 AM   
ntnews

 

Posts: 3
Joined: 28.Nov.2007
Status: offline 		I am new to ISA and read that it requires two NICs in order to setup and create your trusted and untrusted networks? I am trying to put the ISA server in my DMZ with a public IP as my untrusted network. I want to open port 443 to it and than publish Exchange 2007 OWA rules to my internal Exchange 2007 OWA farm. Do I have to install another NIC for my internal network to make this work or can I just route the traffic through my DMZ network interfaces to my internal network and allow 443 from my ISA server internally to my CAS farm?  I do not want to setup a dual homed PC in my DMZ if at all possible

Thanks
ntnews
Post #: 1
RE: ISA2006 in DMZ - Single NIC/IP - 28.Nov.2007 10:58:08 AM   
Rotorblade

 

Posts: 976
Joined: 27.Feb.2007
Status: offline 		Hi,

quote:


I am new to ISA and read that it requires two NICs in order to setup and create your trusted and untrusted networks?


As far as in terms of the Internal and External networks and the full functionality of the ISA firewall stateful and application packet inspection capabilities; you will need at least two NICs. The term of trusted or untrusted networks went bye-bye with the ISA 2000 LAT in ISA 2004. All network packet traffic is by default considered untrusted between networks. Access rules must be defined to permit traffic.

quote:


I am trying to put the ISA server in my DMZ with a public IP as my untrusted network. I want to open port 443 to it and than publish Exchange 2007 OWA rules to my internal Exchange 2007 OWA farm.


Placing of the ISA Firewall can be at the edge or behind another security device (front to back firewall) and placed at the perimeter. From your description it sounds like you want to place it at the perimeter and assign a public IP to the ISA external interface. With this setup scenario, it would mean that the front-end firewall would need to be configured to bridge the public IP back to the ISA’s external interface.

quote:


I want to open port 443 to it and than publish Exchange 2007 OWA rules to my internal Exchange 2007 OWA farm. Do I have to install another NIC for my internal network to make this work or can I just route the traffic through my DMZ network interfaces to my internal network and allow 443 from my ISA server internally to my CAS farm?  I do not want to setup a dual homed PC in my DMZ if at all possible

   
I would recommend that you publish through ISA.

HTH

RB


(in reply to ntnews)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> ISA2006 in DMZ - Single NIC/IP Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts