Posts: 47
Joined: 7.Mar.2005
From: Philadelphia
Status: offline
I have installed ISA2004 Ent on a W2K3 standalone machine that I am going to place in the PIX DMZ. I have 2 NICs configured on the server with 10.x.x.x being the internal and 192.x.x.x being the external (PIX DMZ). During the configuration, I was able to select and configure the internal network but what do I need to do to specify that the second NIC, 192.x.x.x, is the external NIC for the PIX DMZ?
Any IP number not included in either Internal Network or Perimeter Network will be automatically added to the External Network.
Can you elaborate on what you mean by placing ISA in the PIX DMZ? Because I read another posting with this term "placing ISA in DMZ" and am not quite sure what it means.
I have a PIX firewall on the edge network with three interfaces: internal, DMZ and external. The PIX perimeter network (DMZ) has a network IP of 192.x.x.x connected to its own switch. I have configured the ISA external NIC card with a 192.x.x.x to be part of this DMZ zone and plugged it into the PIX DMZ switch. I am trying to design a network outlined in Thomas Shinder's article, "Playing Well with Others: Configuring the ISA Firewall on a PIX DMZ for Secure Remote Access to OWA and other Exchange Services." The option in the article for "ISA Firewall in a PIX DMZ Configuration."
What I'm assuming manoa means is that the ISA box will be within a DMZ - there will still be a PIX between it and the internet.
I have a question related to this subject as well - I'm going to have a similar config as manoa. What I'm not sure about is if I need a 3rd NIC for the DMZ network(s) (multiple layers exist today) to be specified.
1: Internal
2: DMZ machines (web, email, etc)
3: External through a hardware firewall
Is this correct? This may also be what manoa needs, if I'm thinking about it correctly. And please don't tell me that ISA can replace the hardware firewall, it won't happen anytime soon.
I have the 2004 ISA book but keep getting interrupted reading it. If there is a section in Chapter 4 that is pertinent, please let me know.
quote: Originally posted by manoa: I am trying to design a network outlined in Thomas Shinder's article, "Playing Well with Others: Configuring the ISA Firewall on a PIX DMZ for Secure Remote Access to OWA and other Exchange Services." The option in the article for "ISA Firewall in a PIX DMZ Configuration."
Actually, I have only two NICs because the ISA is going to be placed within the PIX's DMZ. The external IP address of the ISA is part of the PIX DMZ subnet. The PIX will NAT the ISA external IP. I just want to know if I need to define this DMZ subnet in the ISA management console as an external network, since anything not defined as internal is considered external.