• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

.0 Is this config possible?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> .0 Is this config possible? Page: [1]
Login
Message << Older Topic   Newer Topic >>
.0 Is this config possible? - 15.Nov.2007 12:07:05 PM   
Vorkuta

 

Posts: 7
Joined: 15.Nov.2007
Status: offline
I'm posting this because for some reason, this site is slow to my corp, and I can't peruse all the threads...

Currently, we're running ISA 2004 in transparent proxy mode (one NIC) and of course, a lot of functionality is different and/or not there.  I'd like to move it to a proper pass-through configuration (it has two NICs... we went single-homed because we wanted to config it the same as our old Proxy 2.0 server).

Anyhoo... is it possible to have both NIC's on the same subnet?  Some of my reading indicates this might be a problem, but I'm not sure.  Here's what I want to do:

      Internet
             |
      Cisco ASA
172.16.0.6/255.255.0.0
             |
    Internal LAN
172.16.0.0/255.255.0.0  <---------> Special servers not passing through ISA
             |
   ISA 2004 Server
"External" 172.16.16.61/255.255.0.0
"Internal" 172.16.16.60/255.255.0.0
             |
PC Clients using ASA (users in a security group)

Will/can this work?  99% of PC clients have the ISA as their proxy server in their browser.  Some servers/clients go directly to the ASA for special purposes... We use the ISA primarily to enforce the fact that only certain users have internet access, but certain servers are allowed, regardless (bypassing ISA).

Thoughts?  Workarounds?
Post #: 1
RE: .0 Is this config possible? - 19.Nov.2007 9:51:50 AM   
bgd_pep

 

Posts: 34
Joined: 8.Oct.2007
Status: offline
hi,
When you use an ISA Server with only one nic card that server will only do caching server. When you will install the Isa server with two nics it will ask to provide the internal network configuration configuration. i there you will put 172.16.0.60-172.16.0.x then that subnet will be considered internal network.
But it is recomanded to use a difrent class for ex 172.16.1.0/255.255.0.0

(in reply to Vorkuta)
Post #: 2
RE: .0 Is this config possible? - 19.Nov.2007 9:57:43 AM   
Vorkuta

 

Posts: 7
Joined: 15.Nov.2007
Status: offline
Thanks!  I'd LIKE to avoid having to change the IP on the inside interface on my firewall (172.16.0.6)... can I set up SPECIFIC ip ranges as being internal (excluding 172.16.0.6) or does it just go by ONE IP range, based on the "internal" nic (172.16.0.0/16)?  That is, can I have 172.16.0.6 be the ONLY outside IP?

(in reply to bgd_pep)
Post #: 3
RE: .0 Is this config possible? - 19.Nov.2007 9:59:23 AM   
bgd_pep

 

Posts: 34
Joined: 8.Oct.2007
Status: offline
hi,
you can have many ranges, this for excluding ip's

(in reply to Vorkuta)
Post #: 4
RE: .0 Is this config possible? - 19.Nov.2007 9:12:07 PM   
hornebag

 

Posts: 18
Joined: 2.Feb.2005
Status: offline
Hi Vorkuta,

By the look of the diagram, you have an edge firewall (Cisco ASA) with no DMZ. If the ISA server is only acting as a proxy server (which it is, as both NIC's are n the same network), then you would be better leaving it as a single NIC, as the clients are probably only using one of them anyway, unless halfthe client are configure for IP address and the othe half are configured for the other.

Another thing you can do, depending on your server/nic's is team both nic's so that they appear as one.


(in reply to bgd_pep)
Post #: 5
RE: .0 Is this config possible? - 20.Nov.2007 7:38:38 AM   
Vorkuta

 

Posts: 7
Joined: 15.Nov.2007
Status: offline
Yes, but with a single-homed ISA, you can't get the full functionality of the proxy, can you?  We're having a horrible time with authentication pop-ups, ftp client inability to upload, etc.

(in reply to hornebag)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> .0 Is this config possible? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts