Welcome to ISAserver.org

Preinstall ISA with Public IPs only

Preinstall ISA with Public IPs only - 16.Jul.2004 1:10:00 AM
grinn253

 

Hello,

Scenario: Network only uses public IPs and it isn't possible to reconfigure network so that ISA is between external/internal networks. This is fine, current goal is to firewall some servers in a room. All machines (servers & workstations) are in the same public IP range: x.y.125.0 to x.y.125.255.

So, when following Interface Config the network layout is as follows:

x.y.125.17(external NIC) -- ISA -- x.y.125.18(internal NIC) --> hub/switch --> proposed protected workstations.

The domain controllers are currently located on the external side of ISA. (After successfully protecting the 'proposed' workstations, DCs will be inside ISA and network will be outside.)

The external NIC connects to the rest of the subnet/world while the internal is only connecting to a couple of machines. When installing ISA, x.y.125.0 - x.y.125.255 was specified as the internal network.

"[Confused]" I am a little confused in the article about 'adding static routes' "[Confused]"

1) Do the preinstallation procedures above (before ISA software install) agree with a valid install?

2) I utilized, "route add -p x.y.125.0 255.255.255.0 x.y.125.17" The x.y.125.17 NIC (external) has default gateway of the router on subnet --> x.y.125.100.
Which entails:
a) Enables me to connect/verify AD 'connectivity.'

"[Confused]" Again I'm unsure if this was the proper intent on how to use the 'route add' command.

3) The odd thing is, although the '-p' switch is utilized for a persistent route, and upon reboot 'route print' exhibits the route still exists, AD connectivity (others as well) is lost until I remove the route, then re-add it.

I'm sorry for these newbie questions "[Frown]" but although I'm reading the articles/books, I would appreciate any available assistance "[Smile]"

Thank you,
Edgardo
Post #: 1
RE: Preinstall ISA with Public IPs only - 16.Jul.2004 5:35:00 PM
grinn253

 

I suppose what I'm asking is:

If my internal network exists on both the external and internal NIC, does this require different configurations such as enabling file & printer sharing and Client for MS networks? [Confused] Also how to configure the 'route' properly.

Thanks,
Edgardo

[ July 16, 2004, 05:52 PM: Message edited by: grinn253 ]

(in reply to grinn253)
Post #: 2
RE: Preinstall ISA with Public IPs only - 17.Jul.2004 2:29:00 AM
grinn253

 

Additional news:

So I tested out ISA implementation utilizing common scenarios, having internal NIC with private IPs and external NIC with 1 public IP. Works perfectly [Smile] All ports including the 1745 were 'stealthed.'

I've been researching many books and FAQs (including ISA Server 2000 versions - Syngress), but haven't found a University Scenario type info.

[Confused] Has anyone performed tests/research with ISA when both the Internal/External NICs have public IPs that are the "Internal Network?" [Confused]

Hmm, perhaps this just means that in this situation ISA isn't capable of supporting "SecureNAT clients". Please correct me if I'm wrong. Thus would the general consensus suggest utilizing the "Firewall client" in this University Scenario, foregoing "SecureNAT" functionality?

Thanks all,
Edgardo

[ July 17, 2004, 02:32 AM: Message edited by: grinn253 ]

(in reply to grinn253)
Post #: 3
RE: Preinstall ISA with Public IPs only - 17.Jul.2004 9:53:00 AM
tshinder

 

Hi Edgardo,

The ISA 2004 firewall has no problem with this. You just need to create a route relationship between the Internal and External network. Make sure to install the Firewall client and configure the browsers as Web Proxy clients! You need security. If you didn't need security, you'd use a PIX. [Smile]

HTH,
Tom

(in reply to grinn253)
Post #: 4
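
An added example (not from any poster in this thread): a Python check of the address plan discussed above, assuming the Internal network definition should list only addresses wired behind the internal NIC. 198.51.100.0/24 stands in for x.y.125.0/24, and the protected-host and domain-controller addresses are hypothetical.

```python
import ipaddress as ip

# Constructed stand-ins: 198.51.100.0/24 replaces the thread's x.y.125.0/24.
SUBNET = ip.ip_network("198.51.100.0/24")
EXTERNAL_NIC = ip.ip_address("198.51.100.17")
INTERNAL_NIC = ip.ip_address("198.51.100.18")
GATEWAY = ip.ip_address("198.51.100.100")        # subnet router from the thread
DC = ip.ip_address("198.51.100.10")              # hypothetical domain controller
PROTECTED = [ip.ip_address("198.51.100.20"),     # hypothetical hosts behind
             ip.ip_address("198.51.100.21")]     # the internal NIC
# Range entered as "Internal" at install time (the whole subnet).
DECLARED_INTERNAL = (SUBNET.network_address, SUBNET.broadcast_address)


def misplaced(declared, external_side):
    """External-side addresses that fall inside the declared Internal range."""
    low, high = declared
    return [a for a in external_side if low <= a <= high]


def internal_blocks(internal_side):
    """Smallest CIDR blocks covering only the internal-side addresses."""
    nets = [ip.ip_network(f"{a}/32") for a in sorted(internal_side)]
    return list(ip.collapse_addresses(nets))


def route_targets_own_subnet(dest, gateway, local_addrs, connected):
    """True when a static route covers the connected subnet via a local NIC."""
    return ip.ip_network(dest) == connected and ip.ip_address(gateway) in local_addrs


if __name__ == "__main__":
    outside = [EXTERNAL_NIC, GATEWAY, DC]
    print("Both NICs in one subnet:", EXTERNAL_NIC in SUBNET and INTERNAL_NIC in SUBNET)
    print("External-side hosts inside declared Internal range:",
          [str(a) for a in misplaced(DECLARED_INTERNAL, outside)])
    print("Blocks covering only the internal side:",
          [str(n) for n in internal_blocks([INTERNAL_NIC] + PROTECTED)])
    print("Static route duplicates the connected subnet:",
          route_targets_own_subnet("198.51.100.0/24", "198.51.100.17",
                                   [EXTERNAL_NIC, INTERNAL_NIC], SUBNET))
```
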
