• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Single NIC limitations?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Single NIC limitations? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Single NIC limitations? - 10.Apr.2008 11:06:56 PM   
icroyal

 

Posts: 9
Joined: 10.Apr.2008
Status: offline
I have heard that with 1 NIC you can only do HTTP publishing which includes OWA/EAS/OWA.  What about if I need to do SMTP Publishing or VPN to the internal network.  Do I really need 2 NICs or is this 1 NIC limitation to HTTP only a myth?

Thanks.
Post #: 1
RE: Single NIC limitations? - 11.Apr.2008 2:49:43 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

quote:

  
Configuring ISA Server with a Single Network Adapter Configuration
Problem: There are a number of issues associated with the configuration of ISA Server on a computer with a single network adapter.
Cause: The causes include:

Multi-network firewall policy. In single network adapter mode, ISA Server recognizes itself (the Local Host network). Everything else is recognized as the Internal network. There is no concept of an External network. The Microsoft Firewall service and application filters operate only in the context of the Local Host network. (ISA Server protects itself no matter what network template is applied.) Because the Firewall service and application filters operate in the context of the Local Host network, you can use access rules to allow non-Web protocols to the ISA Server computer. This has implications for running applications located on the ISA Server computer.


Application layer inspection. Application level filtering does not function, except for Web Proxy Filter for Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and File Transfer Protocol (FTP) over HTTP.


Server publishing. Server publishing is not supported. Because there is no separation of Internal and External networks, ISA Server cannot provide the NAT functionality required in a server publishing scenario.


Firewall clients. The Firewall Client application handles requests from Winsock applications that use the Firewall service. In a single network adapter environment, this service is only available in the context of the Local Host network (protecting the ISA Server computer), and Firewall Client requests are not supported.


SecureNAT clients. SecureNAT clients use ISA Server as a router to the Internet, and SecureNAT client requests are handled by the Firewall service. In a single network adapter environment, this service is only available in the context of the Local Host network (protecting the ISA Server computer), and SecureNAT client requests are not supported.


Virtual private networking. Site-to-site virtual private networks (VPNs) are not supported in a single network adapter scenario. Remote client VPN access is supported in a single network adapter scenario.



Source : http://www.microsoft.com/technet/isa/2004/plan/unsupportedconfigs.mspx

HTH,
Tarek

< Message edited by elmajdal -- 11.Apr.2008 2:51:35 AM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to icroyal)
Post #: 2
RE: Single NIC limitations? - 11.Apr.2008 8:29:29 AM   
icroyal

 

Posts: 9
Joined: 10.Apr.2008
Status: offline
Thanks for that. 

1st question:
2 more questions.  My current client doesn't have a DMZ but wants SMTP Publishing.  If we use 2 NICs, will it be fine if both NICs are part of the same subnet and we use an Internet IP NAT'd to one of the internal IPs to use that NIC as the public NIC and then the other NIC on the same subnet as the internal NIC?

Will this work?

2nd question:
I see the following on the site you linked:
ISA Server Does Not Support Multiple External Interfaces Problem: ISA Server does not support multiple external connections to the Internet.
Cause: ISA Server does not support configuring multiple connections on the External network adapter.
Solution: No workaround. There are a number of third-party products that may provide a solution. For more information, see High Availability and Load Balancing at the Windows Server System Web site.


Does this apply in ISA 2006?  On the public interface, I was planning to have 2 IPs and NAT 2 different public IPs to each one of the 2 IPs on the internet facing NIC.



Thanks.

< Message edited by icroyal -- 11.Apr.2008 8:31:18 AM >

(in reply to elmajdal)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Single NIC limitations? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts