Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

What is the best topology?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> What is the best topology? Page: [1]
Login
Message << Older Topic   Newer Topic >>
What is the best topology? - 2.Sep.2005 9:20:00 AM   
duck304

 

Posts: 26
Joined: 23.Apr.2004
Status: offline 		Hi

I want to test ISA2004 before I want it to use it in our new company.

I already installed a PDC with Exchange and SQL and that works great...

What is the best way to install the ISA-server. I know that I have to use a seperate computer specialy for ISA, but I don't know "where" I put ISA.. I can think of the following options:

Internet ----> modem -----> ISA server -----> PDC -----> Patchpanel -----> clients

OR

Internet ----> modem -----> ISA server -----> Patchpanel -----> PDC and clients..

Does someone know the right place to "put" it?
I think that the second option is the best... I don't have a motivation for this option...

Also I have another question.... does I have to make the ISA-server a member of the domain, or can I just leave it in a workgroup..

[ September 02, 2005, 10:42 AM: Message edited by: duck304 ]
Post #: 1
RE: What is the best topology? - 2.Sep.2005 1:19:00 PM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline 		It doesn't matter where you put the patch panel, as long as you make sure that all the inbound and outbound internet traffics only go through ISA server.

I think you wanted to say a router instead of patch panel, right?, because patch panel is just an extension of cat5 cables. It abosulutely does nothing.

Make ISA part of the domain.

[ September 02, 2005, 01:21 PM: Message edited by: ISAwader ]

(in reply to duck304)
Post #: 2
RE: What is the best topology? - 2.Sep.2005 2:59:00 PM   
duck304

 

Posts: 26
Joined: 23.Apr.2004
Status: offline 		What about DNS. I installed my ISA server in a workgroup, and the internet worked local on the ISA server, and also on the DC.

Here is my configuration:

DC
NIC 1:
IP: 192.168.4.1 (nic to my local network)
Subnet: 255.255.255.0
Gateway: 192.168.4.254 (my ISA server)
DNS:

NIC 2:
IP: 192.168.4.210 (nic to ISA)
subnet: 255.255.255.0
Gateway:
DNS: 192.168.4.1 (my DC is installed as DNS-server)

My ISA-server has the following:
NIC 1:
IP: 10.0.0.150 (to my modem and ISP)
Subnet: 255.2555.255.0
Gateway: 10.0.0.138
DNS: 10.0.0.138

NIC 2:
IP: 192.168.4.254
Subnet: 255.255.255.0
NO GATEWAY
DNS: 192.168.4.1 (my DC)

Why is it that my clients doesn't have internet, but my ISA-server and my DC do have?
I think that's because of my DNS..

But when I install de ISA server as DNS-server, the server is weak (I read that on this site)...

How do I get this working, or is my IP-setting wrong?

(in reply to duck304)
Post #: 3
RE: What is the best topology? - 2.Sep.2005 4:59:00 PM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline 		Ahhh, now I am getting some details..

SUGGESTIONS:

quote:

DC
NIC 1:
IP: 192.168.4.1 (nic to my local network)
Subnet: 255.255.255.0
Gateway: 192.168.4.254 (my ISA server)
DNS:
1)
Configure the DNS: setting as 192.168.4.1

2) Disable the NIC2 on the DC. I am not sure why you want that.

quote:

My ISA-server has the following:
NIC 1:
IP: 10.0.0.150 (to my modem and ISP)
Subnet: 255.2555.255.0
Gateway: 10.0.0.138
DNS: 10.0.0.138
3) Remove the DNS entry on NIC1 from the ISA server.

4) Make ISA part of the domain

5) Point all the internal clients' default gateway to 192.168.4.1

6)Find out what's the IP number for your ISP's DNS cache server. Enter that IP as the forwarder in your DNS server.

7) Configure 192.168.4.1 as the DNS server for all the internal clients.

8) Remove all the firewall clients from the servers if you have installed them, but leave it on clients.

9) Configure your Internal Network and add the following IP range 192.168.4.0 - 192.168.4.255

10)Configure an Access rule, which allows all protocol from Internal to External Networks for All Users.

Now test you web traffic...

[ September 02, 2005, 05:03 PM: Message edited by: ISAwader ]

(in reply to duck304)
Post #: 4
RE: What is the best topology? - 3.Sep.2005 12:35:00 PM   
duck304

 

Posts: 26
Joined: 23.Apr.2004
Status: offline
quote:
Originally posted by ISAwader:
2) Disable the NIC2 on the DC. I am not sure why you want that.
I use the second NIC for my clients. The DC is connected to a switch, and my clients are connected to the switch.... Is that a good configuration, or should I configure it in a different way?.

I configure my network as the following:

Internet ---> modem ----> ISA-server ----> DC ----> Switch ----> clients

[ September 03, 2005, 06:45 PM: Message edited by: duck304 ]

(in reply to duck304)
Post #: 5
RE: What is the best topology? - 3.Sep.2005 7:00:00 PM   
duck304

 

Posts: 26
Joined: 23.Apr.2004
Status: offline 		I also wrote a topic on a dutch forum, and there they told my that I have to configure ISA --> Switch ---> DC and clients... and not the first option..

In this configuration, I can disable the second NIC on my DC

[ September 03, 2005, 07:02 PM: Message edited by: duck304 ]

(in reply to duck304)
Post #: 6
RE: What is the best topology? - 4.Sep.2005 8:24:00 AM   
duck304

 

Posts: 26
Joined: 23.Apr.2004
Status: offline 		I know installed as internet ---> modem ---> ISA Server ---> switch ---> DC and clients...

I installed the ISA-server as a member of the domain, but when in logon with the administrators account of the domein, I'm not a administrator on the ISA-server.

I don't see any option to setup users on the ISA-server. Where can I add the administrator of my domain, to the administrators-group of my ISA? ISA is installed on Windows 2003 standard.

(in reply to duck304)
Post #: 7
RE: What is the best topology? - 4.Sep.2005 10:41:00 PM   
isawader

 

Posts: 420
Joined: 27.Apr.2005
Status: offline 		Now your setup is correct.

Internet
|
|
ISA2004
|
|
|
switch---DC
|
|
clients

You should add ISA to the domain as a member server. Once you do that, the Domain Administrators group from the DC is added to the Local Administrators group of ISA. Then you can log onto ISA with the Domain Administrator account and perform anything.

Follow my steps I outlined previously. You shouldn't have any problem as long as you know what you are doing.

(in reply to duck304)
Post #: 8
RE: What is the best topology? - 5.Sep.2005 12:19:00 PM   
duck304

 

Posts: 26
Joined: 23.Apr.2004
Status: offline 		It got it working... Now I just have to find out how I publish my Exchange (OWA) and FTP. I just take a good look at the tutorials and at www.msexchange.org...

If I have problems where I can find a solution for it, I'll post it (first checking If someone else has the same problem)...

Thanx.... ISA looks great and works...

(in reply to duck304)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> What is the best topology? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts