• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Install ISA 2006 on DC

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Install ISA 2006 on DC Page: [1] 2 3 4 5   next >   >>
Login
Message << Older Topic   Newer Topic >>
Install ISA 2006 on DC - 11.May2009 12:55:45 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
Hello guys.
I read this article http://www.isaserver.org/tutorials/Installing_ISA_Server_on_a_Domain_Controller.html ,but I don't understand some terms.
OK.
Here's my situation:
I have domain controller with 192.168.1.2 IP address also installed DNS + DHCP servers at DC.
I have 2 NICs in my computer.
I want to configure these NIC cards with appropriate settings:
I did it:
Internal:
IP:192.168.1.2
SM:255.255.255.0
DG:------------------
DNS:192.168.1.2

External:
IP: 94.X.X.X - my ISP IP address
SM: 255.255.255.0 - Is that correct?
DG: 94.X.X.1 - my ISP DG
DNS:-------------

Also I've configured Forwarders in DNS server with my ISP DNS servers IP addresses.

But after that,while I install ISA Server,I can't ping ISP Default Gateway.
After I install ISA Server on DC,I can't access internet,even if I create the appropriate rules. When I go DNS server and do simple and recursive query test,it gives me recursive query error.

Can you tell me what is the solution?

Thanks in advance.
Post #: 1
RE: Install ISA 2006 on DC - 11.May2009 2:06:55 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

Installing ISA Server/TMG on a DC is not supported.

Uninstall the Firewall from your DC machine.

ISA Server/TMG is a Firewall, keep it like this.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to OTO_777)
Post #: 2
RE: Install ISA 2006 on DC - 11.May2009 2:27:18 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
Yeah,I know that mate,but I want to do it for my 70-351 exam.

Is there any solution how can I do that?

btw Are the NICs settings correct?

Thanks.

(in reply to elmajdal)
Post #: 3
RE: Install ISA 2006 on DC - 11.May2009 2:40:32 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Then install ISA as virtual Machine.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to OTO_777)
Post #: 4
RE: Install ISA 2006 on DC - 11.May2009 3:53:43 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
Are my NICs configuration correct                  ?

(in reply to OTO_777)
Post #: 5
RE: Install ISA 2006 on DC - 11.May2009 3:56:24 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
You'll never get it to work correctly & you're making your network vulnerable to attack.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to OTO_777)
Post #: 6
RE: Install ISA 2006 on DC - 11.May2009 4:22:33 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
What do you mean I am making my network vulnerable to attack?

(in reply to SteveMoffat)
Post #: 7
RE: Install ISA 2006 on DC - 12.May2009 4:54:57 AM   
Dumber

 

Posts: 278
Joined: 21.Mar.2008
Status: offline
If you are "playing" with ISA for the exam I would use VMware, virtual PC or whatever you like.
Setup a DC and an ISA server within the virtual environment.
I've done this many times and it works great

Putting ISA on a DC raises the possible attack surface.
If the ISA box somehow gets compromised then your DC is also directly being compromised.

_____________________________

Marcel
Netherlands

MCTS, MCITP (SA,EA) MCP, MCSA:Security, MCSE:Security, CCNA, CCSA, CCSE, CCSE+
No matter how secure, there is always the human factor.
http://www.phetios.com/

(in reply to OTO_777)
Post #: 8
RE: Install ISA 2006 on DC - 12.May2009 12:56:54 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
Thanks mate.

to all:
Are my NICs settings correct?

(in reply to Dumber)
Post #: 9
RE: Install ISA 2006 on DC - 12.May2009 2:53:53 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
I installed Win2K3 in VMware.
I add 2 NICS(1 birdge,1 NAT) in WinK3.
I've configured with following settings:
Internal:
IP:192.168.1.2
SM:255.255.255.0
DG:------------------
DNS:192.168.1.2

External:
IP: 94.X.X.X - my ISP IP address
SM: 255.255.255.0 - Is that correct?
DG: 94.X.X.1 - my ISP DG
DNS:-------------
But I can't ping my ISP Default gateway after that.
Can you tell me what may be a reason?

Thanks in advance.
OTO 

(in reply to OTO_777)
Post #: 10
RE: Install ISA 2006 on DC - 13.May2009 11:43:31 AM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
Where are ISA masters?
Nobody knows are my NICs settings correct or not?

(in reply to OTO_777)
Post #: 11
RE: Install ISA 2006 on DC - 13.May2009 3:22:41 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Your NIC settings are incorrect.

What type of networking is your VM using?

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to OTO_777)
Post #: 12
RE: Install ISA 2006 on DC - 13.May2009 4:16:46 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
Internal - Bridge
External - NAT

Can you tell me why my settings are incorrect?

(in reply to SteveMoffat)
Post #: 13
RE: Install ISA 2006 on DC - 13.May2009 5:21:41 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
you will need to give the external ISA nic an ip address in the same network as the host.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to OTO_777)
Post #: 14
RE: Install ISA 2006 on DC - 13.May2009 6:12:52 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
I have the host in 192.168.1.0/24 network, so do I need to configure External NIC with IP address in this network?
I.E. 192.168.1.100

I've configured Internal NIC with such settings.
Isn't it correct?

Also don't I need to configure one of the NIC with ISP's IP addresses?

Thanks

(in reply to SteveMoffat)
Post #: 15
RE: Install ISA 2006 on DC - 13.May2009 6:54:03 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Yes, no, no.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to OTO_777)
Post #: 16
RE: Install ISA 2006 on DC - 14.May2009 6:43:39 AM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
Now I am confused. :(

I have 192.168.1.0/24 subnet.
My domain controller IP address is 192.168.1.2. Also I have DNS + DHCP on my DC.

MY ISP IP address 94.X.X.X
DG: 94.X.X.1
DNS servers are: 87.X.X.130 & 87.X.X.131

Can you tell me exactly what configuration do I need for Internal and External NICs?

Thanks in advance.

(in reply to SteveMoffat)
Post #: 17
RE: Install ISA 2006 on DC - 14.May2009 7:23:06 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
Nobody can help me?

(in reply to OTO_777)
Post #: 18
RE: Install ISA 2006 on DC - 15.May2009 11:10:07 AM   
Dumber

 

Posts: 278
Joined: 21.Mar.2008
Status: offline
please review:
http://blog.msfirewall.org.uk/2008/06/isa-servers-recommeded-network-card.html

_____________________________

Marcel
Netherlands

MCTS, MCITP (SA,EA) MCP, MCSA:Security, MCSE:Security, CCNA, CCSA, CCSE, CCSE+
No matter how secure, there is always the human factor.
http://www.phetios.com/

(in reply to OTO_777)
Post #: 19
RE: Install ISA 2006 on DC - 15.May2009 12:22:52 PM   
OTO_777

 

Posts: 63
Joined: 3.Jan.2009
Status: offline
thanks mate.
I know how to configure NICs(i.e. that I don't need DG for internal NIC,don't need DNS for External NIC etc.),but I don't know what IP addresses do I need.
Can you help me?

I wrote scenario in my post.

Thanks in advance. :)

(in reply to Dumber)
Post #: 20

Page:   [1] 2 3 4 5   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Install ISA 2006 on DC Page: [1] 2 3 4 5   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts