Scenario: Network only uses public IPs and it isn't possible to reconfigure the network so that ISA is between external/internal networks. This is fine, current goal is to firewall some servers in a room. All machines (servers & workstations) are in the same public IP range: x.y.125.0 to x.y.125.255.
The domain controllers are currently located on the external side of ISA. (After successfully protecting the 'proposed' workstations, DCs will be inside ISA and network will be outside.)
The external NIC connects to the rest of the subnet/world while the internal is only connecting to a couple of machines. When installing ISA, x.y.125.0 - x.y.125.255 was specified as the internal network.
I am a little confused in the article about 'adding static routes'.
1) Do the preinstallation procedures above (before ISA software install) agree with a valid install?
2) I utilized, "route add -p x.y.125.0 255.255.255.0 x.y.125.17" The x.y.125.17 NIC (external) has default gateway of the router on subnet --> x.y.125.100. Which entails: a) Enables me to connect/verify AD 'connectivity.'
Again I'm unsure if this was the proper intent on how to use the 'route add' command.
3) The odd thing is, although the '-p' switch is utilized for a persistent route, and upon reboot 'route print' exhibits the route still exists, AD connectivity (others as well) is lost until I remove the route, then re-add it.
I'm sorry for these newbie questions, but although I'm reading the articles/books, I would appreciate any available assistance.
If my internal network exists on both the external and internal NIC, does this require different configurations such as enabling file & printer sharing and Client for MS networks? Also how to configure the 'route' properly.
So I tested out ISA implementation utilizing common scenarios, having internal NIC with private IPs and external NIC with 1 public IP. Works perfectly. All ports including the 1745 were 'stealthed.'
I've been researching many books and FAQs (including ISA Server 2000 versions - Syngress), but haven't found a University Scenario type info.
Has anyone performed tests/research with ISA when both the Internal/External NICs have public IPs that are the "Internal Network?"
Hmm, perhaps this just means that in this situation ISA isn't capable of supporting "SecureNAT clients." Please correct me if I'm wrong. Thus would the general consensus suggest utilizing the "Firewall client" in this University Scenario, foregoing "SecureNAT" functionality?
The ISA 2004 firewall has no problem with this. You just need to create a route relationship between the Internal and External network. Make sure to install the Firewall client and configure the browsers as Web Proxy clients! You need security. If you didn't need security, you'd use a PIX.