• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Does ISA server 2006 need an external card?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Does ISA server 2006 need an external card? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Does ISA server 2006 need an external card? - 26.Feb.2007 12:59:49 PM   
mclaughlin

 

Posts: 15
Joined: 26.Feb.2007
Status: offline
Hi, very new ISA user here. We have a blade system here, with 2 network cards on each server. Both are internal cards, so I am wondering - Do I need an external card and address, or can I set up my ISA server with just these 2 internal cards/addresses? Thanks!!
Post #: 1
RE: Does ISA server 2006 need an external card? - 26.Feb.2007 1:23:40 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
To have ISA perfoms with best performance, Install at least 2 NICs , one external &  one Internal , read this to know how : http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

and make it a domain member.

HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to mclaughlin)
Post #: 2
RE: Does ISA server 2006 need an external card? - 26.Feb.2007 1:57:15 PM   
mclaughlin

 

Posts: 15
Joined: 26.Feb.2007
Status: offline
Thanks for the quick response! I do realize best practice is to have one internal address and one external, but can you use ISA with just an internal address? Thanks!!

(in reply to mclaughlin)
Post #: 3
RE: Does ISA server 2006 need an external card? - 26.Feb.2007 2:41:35 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Configuring ISA with a single NIC makes you loose many of the features provided by ISA , read the following :

quote:

  
Configuring ISA Server with a Single Network Adapter Configuration
Problem: There are a number of issues associated with the configuration of ISA Server on a computer with a single network adapter.
Cause: The causes include:


Multi-network firewall policy. In single network adapter mode, ISA Server recognizes itself (the Local Host network). Everything else is recognized as the Internal network. There is no concept of an External network. The Microsoft Firewall service and application filters operate only in the context of the Local Host network. (ISA Server protects itself no matter what network template is applied.) Because the Firewall service and application filters operate in the context of the Local Host network, you can use access rules to allow non-Web protocols to the ISA Server computer. This has implications for running applications located on the ISA Server computer.


Application layer inspection. Application level filtering does not function, except for Web Proxy Filter for Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and File Transfer Protocol (FTP) over HTTP.

Server publishing. Server publishing is not supported. Because there is no separation of Internal and External networks, ISA Server cannot provide the NAT functionality required in a server publishing scenario.

Firewall clients. The Firewall Client application handles requests from Winsock applications that use the Firewall service. This service is not available in a single network adapter environment.

SecureNAT clients. SecureNAT clients use ISA Server as a router to the Internet, and SecureNAT client requests are handled by the Firewall service. Because the Firewall service is not available in a single network adapter configuration, such requests are not supported.

Virtual private networking. Site-to-site virtual private networks (VPNs), and remote access VPNs are not supported in a single network adapter scenario.



Source : http://www.microsoft.com/technet/isa/2004/plan/unsupportedconfigs.mspx


HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to mclaughlin)
Post #: 4
RE: Does ISA server 2006 need an external card? - 5.Mar.2007 11:19:38 AM   
mclaughlin

 

Posts: 15
Joined: 26.Feb.2007
Status: offline
Thanks again for the info. There are 2 NIC cards on the blade. What if the internal one was on the subnet of the internal network, and the "external" NIC was not really a true external address but a separate subnet? For instance, 192.1.?.? being our internal network and making the external NIC 192.168.?.?.......Thanks in advance!!

(in reply to mclaughlin)
Post #: 5
RE: Does ISA server 2006 need an external card? - 5.Mar.2007 11:23:12 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi again,

ISA NICs have to be on different Networks.
as u said if the internal on 192.168.x.x , u need to have your External or any other NIC on a different Network ID, such as 10.x.x.x etc...

Is there a router infront of your ISA and the Internal NIC of the router has the Network ID 192.1.x.x  ?

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to mclaughlin)
Post #: 6
RE: Does ISA server 2006 need an external card? - 5.Mar.2007 11:45:21 AM   
mclaughlin

 

Posts: 15
Joined: 26.Feb.2007
Status: offline
Yes, the ISA server is behind the router, with the router having a 192.1.?.? address. So you are saying 2 different subnets would not cut it? Because we would put the router and isa server in the 192.168 subnet, while the internal network is in the 192.1 subnet.I appreciate your patience in answering!

(in reply to elmajdal)
Post #: 7
RE: Does ISA server 2006 need an external card? - 5.Mar.2007 12:30:20 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

So you are saying 2 different subnets would not cut it?


Yes, as i said, each NIC on ISA has to be on a DIFFERENT Network ID.

Thanks,
Tarek.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to mclaughlin)
Post #: 8
RE: Does ISA server 2006 need an external card? - 5.Mar.2007 12:56:34 PM   
mclaughlin

 

Posts: 15
Joined: 26.Feb.2007
Status: offline
Okay, hopefully this is my last question!!  lol  I always thought the network ID was the 192.1, with the subnet being the .1 (for instance), then the host. So if I have a 192.1 and a 192.168, aren't they 2 separate network ID's?

                                     
                                        

(in reply to mclaughlin)
Post #: 9
RE: Does ISA server 2006 need an external card? - 5.Mar.2007 1:40:39 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
It all depends on the Subnet mask



_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to mclaughlin)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Does ISA server 2006 need an external card? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts