Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA Installation behind a SCM McAfee

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> ISA Installation behind a SCM McAfee Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA Installation behind a SCM McAfee - 7.Oct.2007 12:10:50 PM   
gtorrecilla

 

Posts: 7
Joined: 3.Sep.2007
Status: offline 		Hello, i've installed several times ISA server 2004, but this time i have problems with an specific topology.

I'm trying to this:
INTERNET --> ASA (firewall cisco) --> SCM McAfee --> ISA

This is the physical topology:
http://www.gigasize.com/get.php?d=w6lt2dzt93b
1 ethernet card for the ISA server, and 1 ethernet card for the SCM McAfee

The SCM McAfee works with the mails and HTTP protocol.  If i configure in any client the SCM IP Address in
Tools --> Internet options --> connection --> lan settings
the client can use internet.
If i apply this configuration in the server, the iexplorer works ok, reaching the internet throught the SCM --> ASA.

In the server, in the ethernet card, the firewall is the default Gateway (right now), and the DNS are the external DNS. It works OK and the clients reach internet, but throught this way    ISA --> ASA.
i mean the primary connection to internet is through the firewall.

If i change the default gateway (for the SCM IP Address) it just  don't work.

is there any way to configure the ISA for using another configuration to reach the internet? i.e. using the Iexplorer configuration?
I've been looking for information in technet and other stuff but i couldn't make it work.

Should i change the topology? using 2 ethernet cards for the ISA Server and the SCM Appliance? something like this:
Internet --> ASA --> SCM (Transparent Bridge) --> ISA (back to back or edge) --> clients?

Regards

< Message edited by gtorrecilla -- 7.Oct.2007 12:34:38 PM >
Post #: 1
RE: ISA Installation behind a SCM McAfee - 9.Oct.2007 6:45:44 AM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Get another NIC in that ISA Firewall ASAP! That ASA isn't going to protect you like the ISA Firewall will.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to gtorrecilla)
Post #: 2
RE: ISA Installation behind a SCM McAfee - 10.Oct.2007 7:04:24 AM   
gtorrecilla

 

Posts: 7
Joined: 3.Sep.2007
Status: offline 		That's only a test server.
That ISA will be behind and IDS, the Firewall Cisco (ASA), and a McAfee SCM Appliance .
Almost that you think i should use 2 NIC? Why?

Any help about the internet connection?

Thanks!

(in reply to tshinder)
Post #: 3
RE: ISA Installation behind a SCM McAfee - 20.Oct.2007 4:58:25 PM   
gtorrecilla

 

Posts: 7
Joined: 3.Sep.2007
Status: offline 		Hello!
Just to tell you that i can fix the problem
The key was the UPSTREAM PROXY SERVER in
Configuration --> Networks --> Last Default Rule (properties) --> Action

if anyone needs asistant just tell me.
i'll do all what i can

Regards

(in reply to gtorrecilla)
Post #: 4
RE: ISA Installation behind a SCM McAfee - 21.Oct.2007 11:16:24 AM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Maybe if you put the ASA on Ebay and get the ISA Firewall fully configured things would be more secure and work better?



Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to gtorrecilla)
Post #: 5
RE: ISA Installation behind a SCM McAfee - 24.Oct.2007 2:01:53 AM   
gtorrecilla

 

Posts: 7
Joined: 3.Sep.2007
Status: offline 		2 things
1- Isa server configured with one interface doesn't work as a firewall, just like a proxy server?
2- The ASA isn't connected direct to the internet, the full topology is something like this:
INTERNET -- IPS&IDS -- ASA --SCM WEBSHIELD -- ISA -- CLIENT

even that it's more expensive, it's more secure

(in reply to tshinder)
Post #: 6
RE: ISA Installation behind a SCM McAfee - 9.Jan.2008 7:30:31 AM   
vuilverwerking

 

Posts: 26
Joined: 29.Dec.2006
Status: offline 		 Don't forget to turn on Windows Firewall on your clients!!!
Maybe return the SCM and buy some good Add In software for ISA.

GFI, McAfee SSH.....

(in reply to gtorrecilla)
Post #: 7
RE: ISA Installation behind a SCM McAfee - 22.Jan.2008 1:22:13 PM   
gtorrecilla

 

Posts: 7
Joined: 3.Sep.2007
Status: offline 		The SCM is a McAfee SCM, so why are you use more processor % in one server if you can do some work in another one?

(in reply to vuilverwerking)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> ISA Installation behind a SCM McAfee Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts