Welcome to ISAserver.org


OCS and ISA 2006 in a DMZ??

OCS and ISA 2006 in a DMZ?? - 12.Jun.2008 4:56:55 AM   
Sleurink76

 

Posts: 2
Joined: 12.Jun.2008
Status: offline
I've read the article by John Weber and Tom Pacyk (http://www.isaserver.org/tutorials/OCS-2007-ISA-2006-Firewall-Design-Architecture.html) about the ISA architecture for OCS deployment.

But...I've already tried this configuration and everything seems to be working...except the Audio / Video part. This is something we use very much.

The problem is that the Audio / Video of the OCS Access Edge Server can't be NATed. The only way to get this working is by setting the Internet IP address directly on the External NIC of the Access Edge Server.

Does anyone, maybe John or Tom :) , have an idea of how to get this working behind a firewall / DMZ construction??

Greetings,
Hans
Post #: 1
RE: OCS and ISA 2006 in a DMZ?? - 12.Jun.2008 5:06:14 AM   
Jason Jones

 

Posts: 1801
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
The best option is to create an anonymous access DMZ on ISA Server using public IP addresses.

You can then define a route relationship on ISA for the DMZ network which allows you to restrict inbound traffic whilst meeting the requirement not to use NAT.

Depending upon your public IP address range, you could either supernet this down or purchase a new public IP address range for the DMZ and get this routed via your Internet router to ISA.

I think this approach is going to be our recommendation, until Microsoft provides better guidance specifically for ISA used in the AV edge scenario.

Hope this helps...

Cheers

JJ

_____________________________

Jason Jones
Silversands Ltd
http://www.silversands.co.uk
View My Blog: http://blog.msfirewall.org.uk/

Get Our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Sleurink76)
Post #: 2
RE: OCS and ISA 2006 in a DMZ?? - 12.Jun.2008 5:21:52 AM   
Sleurink76

 

Posts: 2
Joined: 12.Jun.2008
Status: offline
Jason, thanks for the quick response.

I also thought to route the traffic through ISA, the only thing is that I don't have an example of a good configuration. The problem I ran into is the gateway settings etc...
Do you know a good manual or white paper where this is described?

B.t.w., we have a whole C-class range, so enough IPs...;)


(in reply to Jason Jones)
Post #: 3
RE: OCS and ISA 2006 in a DMZ?? - 12.Jun.2008 6:01:43 AM   
Jason Jones

 

Posts: 1801
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Most DMZ examples have a private address range and hence use NAT; however, the following series of articles should help with the concept of a routed DMZ.

http://www.isaserver.org/tutorials/Configure-ISA-2004-Network-Services-Segment-Perimeter-Firewall-Part1.html

http://www.isaserver.org/articles/2004multidmzp1.html

Hope this helps...

Cheers

JJ


(in reply to Sleurink76)
Post #: 4
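
The routed (no-NAT) DMZ discussed in this thread comes down to an addressing plan in which the public range is split into two subnets, the edge server's default gateway is the firewall's DMZ interface, and the Internet router has a route for the DMZ subnet via the firewall. The following is an added example, not code from any poster or from ISA Server: a Python check of such a plan, where the addresses (documentation range 203.0.113.0/24) and all key names are constructed for illustration.

```python
import ipaddress as ip

# RFC 1918 space is not Internet-routable, so a host numbered from it needs NAT.
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed plan: documentation range 203.0.113.0/24 stands in for the public
# C-class range, split into two /25s. All key names are hypothetical.
GOOD = {
    "external_net": "203.0.113.0/25",    # segment between Internet router and firewall
    "dmz_net": "203.0.113.128/25",       # routed DMZ behind the firewall
    "router_ip": "203.0.113.1",
    "fw_external_ip": "203.0.113.2",
    "fw_dmz_ip": "203.0.113.129",
    "edge_ip": "203.0.113.130",          # external NIC of the edge server
    "edge_gateway": "203.0.113.129",
}

def check_routed_dmz(plan):
    """Return a list of problems found in a routed (no-NAT) DMZ addressing plan."""
    ext, dmz = ip.ip_network(plan["external_net"]), ip.ip_network(plan["dmz_net"])
    addr = {k: ip.ip_address(v) for k, v in plan.items() if not k.endswith("_net")}
    problems = []
    if ext.overlaps(dmz):
        problems.append(f"{ext} and {dmz} overlap; the firewall needs two distinct subnets")
    if any(dmz.overlaps(n) for n in RFC1918):
        problems.append(f"DMZ {dmz} is RFC 1918 space and would need NAT")
    for key, net in (("router_ip", ext), ("fw_external_ip", ext),
                     ("fw_dmz_ip", dmz), ("edge_ip", dmz)):
        a = addr[key]
        if a not in net or a in (net.network_address, net.broadcast_address):
            problems.append(f"{key} {a} is not a usable host in {net}")
    if addr["edge_gateway"] != addr["fw_dmz_ip"]:
        problems.append(f"edge gateway {addr['edge_gateway']} must be the firewall's "
                        f"DMZ interface {addr['fw_dmz_ip']}")
    return problems

def upstream_route(plan):
    """Static route the Internet router needs: (DMZ prefix, next hop)."""
    return plan["dmz_net"], plan["fw_external_ip"]

if __name__ == "__main__":
    print(check_routed_dmz(GOOD) or "plan is consistent")
    print("router: route %s via %s" % upstream_route(GOOD))
```

The check only validates addressing; the route relationship and the access rules that restrict inbound traffic are still configured on the firewall itself.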
