Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Trihomed ISA 2000 Question

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Installation >> Trihomed ISA 2000 Question Page: [1]
Login
Message << Older Topic   Newer Topic >>
Trihomed ISA 2000 Question - 1.Mar.2004 4:54:00 PM   
aaronrichards

 

Posts: 3
Joined: 1.Mar.2004
Status: offline 		Via this msg board, I have read that you can have only 1 external interface...

I am not clear on if my scenario would fit in the two external interfaces scenario or if one of mine would/could be a DMZ...

Any help is appreciated.

MY scenario:

Preface:

We have an Active Directory domain structure setup in this way:

Root domain
2 child domains

Goal:
I need to secure against both the internet and the "other" child domain while allowing internet access through E1 as seen below and for AD replications, Exchange and other domain based traffic to pass through successfully on interface E2 as shown below...

What makes me think I can do this? I currently do this with Cisco's PIX, however, the management of commmand line PIX can be very intense and limited with regards to RPC traffic.

How is ISA setup right now?

| E1 |\
-------| I |
| E2 |/

E1 = Internet interface
E2 = Other internal child domain interface
I = Internal interface

note: E1 and E2 cannot access each other.
please forgive my feeble diagram

Does anyone know if I can successfully setup ISA 2000 to perform this way?

Thanks in advance for any help anyone might provide,

Aaron Richards
Post #: 1
RE: Trihomed ISA 2000 Question - 4.Mar.2004 4:49:00 AM   
sniper

 

Posts: 687
Joined: 9.Aug.2001
From: OK, USA
Status: offline 		Aaron

That config will work you are building whats called a LAT based DMZ and to get the AD replication to work between the internal interface you will need to use packet filters.

Check these out they might help:

http://www.isaserver.org/tutorials/vpndmz.html

http://www.isaserver.org/tutorials/trihomedwirelessdmz.html

http://www.isaserver.org/tutorials/Allowing_Intradomain_Communications_Through_an_ISA_Server.html

(in reply to aaronrichards)
Post #: 2
RE: Trihomed ISA 2000 Question - 4.Mar.2004 6:40:00 PM   
aaronrichards

 

Posts: 3
Joined: 1.Mar.2004
Status: offline 		Thank you for your reply, cgregory, however, I am attempting to resolve this in another manner that seems to be working at the moment and does not involve using a vpn and has only 1 external and 1 internal interface. If all goes well, I will close this post out.

Thanks Again,
Aaron Richards

(in reply to aaronrichards)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Installation >> Trihomed ISA 2000 Question Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts