Welcome to ISAserver.org

Newbie Setting Up

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 General] >> Installation and Planning >> Newbie Setting Up

Page: [1]

Message

<< Older Topic Newer Topic >>

Newbie Setting Up - 5.Aug.2008 4:17:44 AM

twdo

Posts: 1
Joined: 5.Aug.2008
Status: offline

Alright. I was out looking for a way to host multiple websites across a single IP address and on different computers and came across a reference to ISA Server. So, I went ahead and did a little research on what it was, how come I never heard of it, and if I could use it for many different needs. I went ahead and downloaded the trial.

Here is my network setup.

- Cable modem with a dynamic IP address. It was static, but recently changed it to dynamic to save money. Nettica, my DNS provider, has a dynamic IP update service you can install on a local machine and it will update multiple A records with your IP.

- One Windows Server 2003 with ISA installed on it. It has 2 network cards installed. One NIC is plugged into the cable modem directly; the other is plugged into my wireless router. Into the Internet port? Just one of the LAN ports?

- Numerous Windows XP and Windows Server 2003 machines on the network using wireless adapters and plugging directly into the Linksys.

I have ISA installed and running on the firewall box.I have created access rules allowing me to access the Internet from that box (local host). When the LAN (Local) NIC is plugged into one of the 4 LAN ports on the Linksys, I can access the local network via ping by IP address. When I plug the ISA box's Local NIC into the Internet port on the Linksys, I can no longer access the LAN at all. None of the LAN boxes have any sort of Internet connection what-so-ever. I do not think this is within the rules. I think I set the rules up correctly. I think that my local Internet requests are not being routed through the ISA box. Does that make sense? Since all local computers are connected to the Linksys, how do I get the Linksys connected to the ISA box and getting an Internet connection from the ISA box's NIC?

If you can help me out with a little "hand-holding", I would appreciate it. If you just want to point me to some online webcasts or tutorials that show me how to set it all up, that would be appreciated as well.

I am really anxious to get this up and running. I have been looking for something like this for a few years and I can not believe that I had not already learned of ISA Server before.

Thank you in advance. I really appreciate it.

Post #: 1

Featured Links*

RE: Newbie Setting Up - 5.Aug.2008 8:47:00 AM

gbarnas

Posts: 155
Joined: 27.Apr.2005
From: New Jersey
Status: offline

I've helped a few local associates get jump started with ISA, and created a document to "jump-start" the initial setup so they could get experimental quickly. You can find it at http://www.innotechcg.com/tech/howto/main.asp?BODY=ISA%20Server%20Installation%20Basics.htm Keep in mind that this document is only to get a small environment operational, and the rules defined allow fairly generic access. You'll most likely want to fine tune them as you gain experience. ISAServer.ORG has a wealth of how-to's as well (as you know, since you're here!), from simple to the complex.

As for DDNS, I've been very happy with ChangeIP for my lab. Domain registration includes DDNS service with secure updates, mail relay, and URL redirection. I purchased the commercial version of DirectUpdate (www.directupdate.net) - it runs as a service and monitors/registers the DDNS records. Highly recommended. I'd also strongly recommend that whatever product you use to register your DDNS records, you obtain one that runs as a service.

Your ISA Firewall should connect between the cable modem and your internal network. If you plan to secure the wireless using some form of WPA encryption, simply plug the internal interface into one of the LAN ports on the router, and ignore the WAN port. On the other hand, you can add a NIC to the ISA firewall and use a crossover cable to connect to the WAN port, creating a perimeter network for wireless users. This can allow you to run an open wireless hotspot, with one rule to grant outbound access. Wireless access to the LAN would be through VPN. That's a more complex configuration, with the need for additional subnets, routes, and rules, but I find it's well worth the learning experience at some point in your lab.

To put the above into perspective, the ISA Firewall is also a router.. as is the wireless device. In a basic configuration, you will use the wireless router simply as a Wireless Access Point, with access only from the "LAN" side. The ISA should be the default gateway for all internal devices. In the WiFi hotspot config, the wireless device is used as a router, to route traffic between the wireless (and wireless LAN ports) and the ISA. For now, I'd suggest you keep it simple and ignore the WAN port.

Here's a very simple configuration "W" is the WAN port, "L" are the LAN ports

W
WRT54G
LLLL
| |______internal network devices
|
ISA
|
Cable
Modem

ISA uses the external interface as it's gateway. All internal devices use the ISA Internal interface as their gateway.

That should be enough to get you moving in the right direction.

One final comment - RESIST the temptation to create an "Allow All Outbound" rule.. it's very bad practice. During the initial development of your lab, it's OK to define such a rule temporarily to confirm that A) you have proper outbound routing, and B) you don't have a rule configured properly to allow access when the "allow all" rule is disabled. Once you get your lab operational and feel comfortable with rulesets, REMOVE the allow all rule so it doesn't get enabled unintentionally.

Glenn

< Message edited by gbarnas -- 5.Aug.2008 8:51:38 AM >

(in reply to twdo)

Post #: 2