Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
ISA 2006 Installation
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
ISA 2006 Installation - 5.Mar.2008 12:13:40 PM
|
|
|
jgarcia
Posts: 24
Joined: 5.Mar.2008
Status: offline
|
Hi everyone,
This is my first post on this forum and I've been looking through all of the forums for some direction, but cannot find what I am looking for so I am hoping I can get some help from you all. I'm completely new to ISA 2006 and my biggest weakness is networking so please bare with me on my questions.
- When installing ISA 2006 - should the ISA servers be joined to my current domain? I only have one domain right now. If so, do I make it a DC, Member Server, or just a Stand Alone on my domain?
- My goal is to connect two offices with the ISA servers and then give outside users the ability to access my network via VPN. Anyone have instructions on creating VPN user access? I think I have what I need to setup the site-to-site access between the two offices.
Any help would be greatly appreciated.
John
|
|
|
|
|
RE: ISA 2006 Installation - 9.Mar.2008 1:22:48 PM
|
|
|
elmajdal
Posts: 5616
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
quote:
When installing ISA 2006 - should the ISA servers be joined to my current domain? I only have one domain right now. If so, do I make it a DC, Member Server, or just a Stand Alone on my domain?
Join ISA Server to you Domain, make it a domain member and never a DC.
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html
quote:
- My goal is to connect two offices with the ISA servers and then give outside users the ability to access my network via VPN. Anyone have instructions on creating VPN user access? I think I have what I need to setup the site-to-site access between the two offices.
Read this : http://www.isaserver.org/articles/2004vpnserver.html
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net
Covering ISA Server/TMG, Windows Server 2008 & Windows 7
|
|
|
|
|
RE: ISA 2006 Installation - 11.Mar.2008 6:44:47 PM
|
|
|
jgarcia
Posts: 24
Joined: 5.Mar.2008
Status: offline
|
Hi Tarek,
I appreciate your response, but I'm starting over as I royally screwed up my config. If possible, can you help me with these questions as I think some of the problems I am having exist with the current server config.
- I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?
- Is there a ISA SE 2006 setup guide I can use to install? I have two identical servers that I am using to connect two offices and VPN access for outside users. This is my first time setting up ISA and I'm a little lost to be honest. I am currently using the "Creating a Site to Site VPN using ISA 2006 Firewall..." and hope this is a good start.
|
|
|
|
|
RE: ISA 2006 Installation - 11.Mar.2008 9:49:00 PM
|
|
|
jgarcia
Posts: 24
Joined: 5.Mar.2008
Status: offline
|
Hi Tarek,
Onee more thing, I noticed that you sent me a link to the 2004 VPN Server setup. I'm assuming there is not much difference from the 2006 setup?
|
|
|
|
|
RE: ISA 2006 Installation - 12.Mar.2008 12:10:49 PM
|
|
|
elmajdal
Posts: 5616
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
quote:
ORIGINAL: jgarcia
Hi Tarek,
Onee more thing, I noticed that you sent me a link to the 2004 VPN Server setup. I'm assuming there is not much difference from the 2006 setup?
Thats Correct.
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net
Covering ISA Server/TMG, Windows Server 2008 & Windows 7
|
|
|
|
|
RE: ISA 2006 Installation - 12.Mar.2008 12:14:27 PM
|
|
|
elmajdal
Posts: 5616
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
quote:
I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?
Check this : http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html
Configure First your Network Interfaces then install ISA Server.
quote:
Is there a ISA SE 2006 setup guide I can use to install? I have two identical servers that I am using to connect two offices and VPN access for outside users. This is my first time setting up ISA and I'm a little lost to be honest. I am currently using the "Creating a Site to Site VPN using ISA 2006 Firewall..." and hope this is a good start.
It is , also check this site by Adrian, it has many articles for VPN with ISA Server 2006 : http://www.carbonwind.net/ISA/isa.htm
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net
Covering ISA Server/TMG, Windows Server 2008 & Windows 7
|
|
|
|
|
RE: ISA 2006 Installation - 12.Mar.2008 6:45:31 PM
|
|
|
jgarcia
Posts: 24
Joined: 5.Mar.2008
Status: offline
|
quote:
I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?
Check this : http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html
Configure First your Network Interfaces then install ISA Server.
Hi Tarek,
Thanks for this, but I ran into a problem. On page 8 of 15 when Configuring IP Settings on the South Interface I followed all the details, but when I am done - I cannot RDC to the server. The only workaround I was able to figure out was to not give the South (internal) NIC a static IP, but follow all your other settings. I did add a System Policy previously to allow RDC (Telnet) and MMC and it was working fine before. Also, when I do the ipconfig /all on page 13 of 15 the oly variance I see is the Node Type should be Hybrid and I have Unknown and WINS Proxy Enabled should be No and I have Yes.
What am I missing?
|
|
|
|
|
RE: ISA 2006 Installation - 12.Mar.2008 9:44:07 PM
|
|
|
jgarcia
Posts: 24
Joined: 5.Mar.2008
Status: offline
|
Another issue. On my second ISA server that I am setting up - I couldn't install ISA because I was getting a setup failed while creating Server Storage. I found out on this forum that if I removed the server from the domain I could install ISA. Now that ISA is setup - I cannot add the server back to the domain. Am I missing something? Policy?
|
|
|
|
|
RE: ISA 2006 Installation - 16.Mar.2008 4:09:23 PM
|
|
|
jgarcia
Posts: 24
Joined: 5.Mar.2008
Status: offline
|
Hi All,
I got around my domain issue although I do not know if it was the right way.
Anyhow, I came in today to connect both my server in each office and these are the problems I am having that I've noticed so far:
- I see no session running for my VPN between both offices. I'm about 5-7 minutes between the offices so I have been back and forth all morning as I cannot even RDP in. I think the RDP issue is that I allowed a certain IP range to access the serverm but not my actual computer name since I am on a different subnet. Someone correct me if I am wrong.
- I can't even access the internet from my workstation.
- If cannot issue the internal NIC a static IP because if I do - I cannot RDP to it eventhough I am in the same office and subnet
- I get this error under the "alerts" tab and I'm not sure how to fix it. Description: The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
The following IP address ranges will be dropped as spoofed:
External:0.0.0.1-96.247.58.255,96.247.60.0-96.255.255.254,97.0.0.0-126.255.255.255,128.0.0.0-192.168.0.255,192.168.3.0-223.255.255.255,240.0.0.0-255.255.255.254;
- I used this article (with Parts 1 and 2) http://www.isaserver.org/tutorials/Creating-Branch-Office-VPN-Connection-Remote-Site-Network-Wizard.html to setup my site to site VPN, but the only thing I wasn't to do were the steps on pages 6 and 7 from Part 1 and Page 4 on Part 2. Dimb question, but is this part of my problem?
< Message edited by jgarcia -- 16.Mar.2008 4:10:43 PM >
|
|
|
|
|
RE: ISA 2006 Installation - 17.Mar.2008 8:48:17 PM
|
|
|
jgarcia
Posts: 24
Joined: 5.Mar.2008
Status: offline
|
Hi Tarek,
Found that article that was one of the first things I did. Could it be something else?
|
|
|
|
|
RE: ISA 2006 Installation - 26.Mar.2008 12:06:09 AM
|
|
|
jgarcia
Posts: 24
Joined: 5.Mar.2008
Status: offline
|
I gave up on this last week and brought in a consultant to help me get things sorted out. Looks like one of the problems was one of my ISA servers that I ended up blowing away and started from the ground up. Everything is working fine, but got a couple of more questions for anyone.
- When I try to ping storage devices, servers, or other computers by netbios name I can't. If I do it by IP address - I can. DNS issue?
- Anyone have something I go use to start looking at for blocking certain sites and/or manage bandwidth? I need to dedicate our VoIP services over users internet.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
