Discuss the IAG 2007 articles

Discuss the IAG 2007 articles (Full Version)

All Forums >> [ISA 2006 Misc.] >> ISA Firewall Appliances

Message

tshinder -> Discuss the IAG 2007 articles (4.May2007 10:55:50 AM)
This thread if for discussing the IAG 2007 article series. Thanks! Tom

Osman -> RE: Discuss the IAG 2007 articles (11.Jun.2008 3:03:25 AM)
Hi We have an ISA server 2006 Ent. Edition, Configured as VPN Gateway,Internet sharing server,-Firewall : and we just purchased mIAG 500. We have single Public IP Address which configured on ISA Server External Interface(Internet). our question how we can configure mIAG to work together with isa server with the same Public IP address. Thank you in advance

Jason Jones -> RE: Discuss the IAG 2007 articles (11.Jun.2008 4:15:42 AM)
Ideally you would put IAG in parallel to your existing ISA Server, however you would need an addtional public IP address for this. I think IAG needs two interfaces to function correctly, otherwise you could simply conenct it to you LAN and then server publish it using the HTTPS Server option. You may need to look at creating a perimeter (DMZ) network on the ISA Server and then installing IAG in "bridging mode" between the DMZ and the internal network. The external interface of IAG will be in the DMZ and the internal interface will be on the Internal network. You can then server publish IAG as discussed above. Hope this helps... Cheers JJ

Pete89 -> RE: Discuss the IAG 2007 articles (20.Aug.2008 10:09:10 AM)
Hello, This is my first post to the group. We are a small company in Spain who has recently acquired a mISA 1200 and a mIAG 1200. We hope to accomplish the following with these devices: 1. Publish OWA via the Portal 2. Publish WSS via the Portal 3. Let remote users continue to use RPC over HTTPS via the Portal 4. Let remote users continue to use ActiveSync via the Portal 5. Maintain the site-to-site VPN with a branch office. Currently we have a ISA 2006 doing all this but this server must be decommissioned and therefore we have decided to go with the appliances. The network is pretty simple (I wish I could upload a picture though.) We have a FR circuit terminating on a Cisco router that has the only public IP we have. The router is simply forwarding all traffic to the ISA server which is on a private LAN 192.168.1.x Here is my plan. I need feedback because I have never touched and ISA server in my life, but I am very familiar with other firewalls and networking. 1. I have created a portal on the mIAG using port 4443 (this is on purpose ... keep reading) 2. I am publishing the apps the best I can with the documentation I can find on the Internet and from the hardware provider. 3. I am (still) trying to get the ISP to forward all traffic with destination tcp 4443 to the mIAG box. This way I can see how I am doing from the Outside and not affect production. 4. Once I am happy things work the way we want I will have the ISP change the port to 443 so all SSL traffic goes to the mIAG and hopefully we are flying. I will stop there because I'd like to hear opinions. I still have no idea how we are gonna swap out the ISA server for the mISA, which will really only take care of the site-to-site VPN. If you are wondering why we got the mISA at all, it is because according to the hardware vendor, you cannot use the site-to-site VPN capabilities of the mIAG because of license issues. Thanks for any tips and good documentation you might have. Also if anyone knows of a good forum for these devices, please let me know. P.

tshinder -> RE: Discuss the IAG 2007 articles (21.Aug.2008 9:11:43 AM)
Hi Pete, That's correct. You need to keep the ISA firewall for the site to site VPN. Check the Microsoft tech library for the IAG for detailed information. If you're in the US, my company Prowess Consulting can work with you if you need consultative help. I'm trying to get an IAG forum up here, so stay tuned. Thanks! Tom

Pete89 -> RE: Discuss the IAG 2007 articles (21.Aug.2008 9:17:47 AM)
Thanks for your reply Tom. I am on my own here in Granada Spain, and I am pretty sure I am one of the first people in Spain who has these appliances. I am trying to do this with documentation I can find on the web and that's it. Thanks, Pete

tshinder -> RE: Discuss the IAG 2007 articles (21.Aug.2008 9:37:35 AM)
Hi Pete, Well, Spain a little far away from Texas, so I don't think we'll be able to come on site [:D] You shouldn't have too many problems. The trunk can be configured to use 4443 while you're testing, and then later you can change the port for the trunk to use 443. HTH, Tom

Pete89 -> RE: Discuss the IAG 2007 articles (21.Aug.2008 9:41:02 AM)
OK Tom thanks for giving me the thumbs up on my idea. And if you ever come to Spain, I'll buy you a beer. Thanks again, Pete

tshinder -> RE: Discuss the IAG 2007 articles (22.Aug.2008 9:22:01 AM)
Hi Pete, Thanks! I just might take you up on that beer someday :) Thanks! Tom

Page: [1]