Hi All I am just about to attempt the setup of an ISA 2006 Firewall behind a Cisco Pix 506 any advice welcome. Can I have the ISA Server cards on the same network or should I have them on different networks?
Any advice welcome I am a complete novice at this and have got Mr T's book but not had time to read it yet!!
That's the thread I started on a firewall very similar to the PIX you are using.
Your PIX needs to be on a different network than your internal network.
Your PIX could have: IP: 192.168.1.1
And your ISA External NIC would then be: IP: 192.168.1.2 (as long as its in the same subnet)
Then your ISA Internal NIC would be: IP: 192.168.2.1 (whatever you want your internal network to be)
You'll want to make sure that your ISA server has a rule to allow DNS (assuming your doing DNS forwards).
If your PIX has dhcp enabled on it like my Sonicwall did, you'll want to setup your dhcp somewhere on your internal network.
The only problem with a setup like this (that I've ran across) is if your PIX has something like content filtering with IP exclusions -- it won't work anymore, you would need to set this up on ISA (for example, at my company, the users on the afternoon shifts were spending ours on the net, so we needed to cut off certain computers from x to y time) -- but again, still configurable in ISA.
Dr T is around these forums and was a great help for me (I was just like you, and really, still am).
And just a tip, the logging in ISA is your friend :)