Welcome to ISAserver.org

Single NIC Configuration in 2006?

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Web Proxy] >> Unihomed >> Single NIC Configuration in 2006?

Page: [1]

Message

<< Older Topic Newer Topic >>

Single NIC Configuration in 2006? - 27.Aug.2006 12:51:23 AM

Prodigus

Posts: 13
Joined: 17.Feb.2004
From: Houston
Status: offline

I only use ISA for outbound Proxy/cache.. wondering if this simple setup will still be an option in 2006.

Of course I also have an Exchange implementation starting in January so I suppose I may need both inbound and outbound proxy to allow for OWA.. hmmmm

Post #: 1

Featured Links*

RE: Single NIC Configuration in 2006? - 27.Aug.2006 4:57:44 PM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Prod,

Try not to break the ISA firewall's security by using the dreaded "hork mode" (single NIC).

Since the ISA firewall is likely more secure than your current firewall solutionk, why break the security the ISA firewall can provide you? There's a reason there are over 500+ articles on this site on how to deploy the ISA FIREWALL and not the ISA HORK MODE

Also, moving this to the Hork Mode section.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Prodigus)

Post #: 2

RE: Single NIC Configuration in 2006? - 28.Oct.2006 11:18:00 AM

pgisa

Posts: 3
Joined: 26.Oct.2006
Status: offline

Thomas,

We have been told by our security team that we cannot have a server in the dmz where a interface is connected to the internal LAN. I have been tasked with publishing OWA 2003 uisng ISA 2006 with the isa server being in the dmz
I know it is not good to use ISA in a unihomed scenario for this but i really dont have a choice. I have configured the server in the dmz with a single nic template and created a exchange publishing rule to listen for http://owa.mycompany.com and told it to forward to our internal FE server. I have exported the certificate from the FE server and installed it on the ISA server. The isa server is in a workgroup.
The FE server is configured with basic authentication with domain \
OWA works fine internally....
The ISA has a hosts file with http://owa.mycompany.com pointing to the nat'd ip of the FE server.
Problem:
From the outside i get a isa 2006 login page but i cannot login using my credentials? the login box just sits there with my credentials
How should i configure authentication on the isa box?
I have read the articles on doing this with isa 2004 but i havent found any docs for 2006. The one thing i am not sure about is the ssl options when you create the exchange publish rule where you can choose ssl or non ssl to the internal FE server?
The NAT is ok from the PIX point of view as i have got our network guys to check this and have seen the traffic being nat'd.

The ISA firewall policy has nothing other than the published rule and a icmp rule to all networks to allow us to check the connectivity

Am i close to this working and it just being a authentication mismatch or am i way off?

Let em know if you need more details.

Regards

PG

(in reply to tshinder)

Post #: 3