Hi, My server network has public IP addresses that belong to a subnet range. And I'm supposed to build the ISA Server at the server network. However, I couldn't find the way to make the ISA Server work when assigning the 2 IP addresses, which belong to a subnet, to the 2 interfaces of the ISA Server. Please help, it really breaks my heart now.
Below are the methods that I think of, but ISA Server couldn't do the routing:
1) (router)***.208.240.1<--->***.208.240.2(ISA Server)***.208.240.3<--->Internal network (public IP addresses in the network ***.208.240.0, subnet mask: 255.255.255.224)
2) (router)192.168.1.1<--->192.168.1.2(ISA Server)***.208.240.1<--->Internal network (public IP addresses)
Hi Ara.A, Yes, you're right, I am setting up the ISA Server to act as a firewall and help monitor the network.
1) The external network should be able to access the internal network for certain services.
2) The internal network should be able to connect to the internet (external network) through the ISA Server.
But if the 2 interfaces of the ISA Server belong to the same subnet, the 2 points above couldn't work. Hope I make myself clear. Thanks for any help.
That is a crazy scenario to have same ip address subnet as outside and inside interface for isa server. Once you have the public ip address enabled on outside of isa, then you should add the internal side as lat. You have to be very careful then for assigning the lat entry. I have some other idea so it may help, don't know exactly (I am a newbie here)
(Live ip) router (192.168.1.*) --- (192.168.1.*) (ISA) (192.168.3.* for internal network) (192.168.4.* for isa third card DMZ)---(live ip)(exchange)
Let's say you want people outside to access and send mail to you. Then you create a rule on the router passing SMTP from external to internal. That packet automatically goes to the isa external face, and you publish the exchange and say any incoming SMTP to isa external goes to the dmz interface. Then from there it is forwarded to your mail server and processed. I think this is the most secure way. If you have a service running in the internal network, like a machine running xp, and you want to do remote desktop on it, forward the rdp protocol from router external to isa external and create a publish rule that passes incoming rdp to external isa going to the internal machine.
Tom is the big boy and he knows if my suggested scenario will work. Even confusing for myself
[ October 25, 2004, 04:39 AM: Message edited by: Ara ]
Hi Ara, because my server network has public IP addresses, and my company's service depends very much on the connection to the IP addresses of the servers, in my case I think we can't use private IP addresses for my server network. That's the reason why it breaks my heart now.
I also think about this scenario (which doesn't seem to get many replies).
The internal & external NICs need to be on different networks...Perhaps what you could do:
1) Give internal network private IPs
2) Assign ISA external NIC your plethora of public IPs (those IPs that external needs to access).
3) Create publishing rules & listeners on the public IPs to the private IP machines?
Not sure if the above works, no one really answered that question