• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Question for Configuring the ISA 2004 Client

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> Question for Configuring the ISA 2004 Client Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Question for Configuring the ISA 2004 Client - 18.Feb.2008 6:27:22 AM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
Hi to all MODS and Expert,

  I am new in ISA server 2004 SE and new for this fantastic firewall. As i read the book i am confuse of the 3 client.

1. Secure NAT
2. Web Proxy
3. Firewall

My question is does this 3 client should be implemented?

By the way correct me if im wrong I install fresh copy of windows 2003 EE and ISA server 2004 SE. I set my windows 2003 EE as a Domain Controller after the installation of ISA 2004 SE. Is this correct does? Does it matter before or after the istallation?

And also here is my configuration of NIC 1 is connected to my ADSL router with a name of External Connection
IP Address : 192.168.100.101  
SM             : 255.255.255.0
DG             : 192.168.100.1
DNS          : 66.178.2.25

My Internal Connection which is define during my installation
IP Address : 10.0.0.1
SM             : 255.255.255.0

and i did not set the DNS

Are all this configuration correct?

Thank you in advance

Regards,
Doyek

_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."
Post #: 1
RE: Question for Configuring the ISA 2004 Client - 18.Feb.2008 10:44:42 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi Doyek,

Check the following link: http://forums.isaserver.org/Trouble_understanding_authentication%2fsecureNAT/m_2002062465/tm.htm

Thanks -



_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 2
RE: Question for Configuring the ISA 2004 Client - 18.Feb.2008 10:55:46 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
quote:

By the way correct me if im wrong I install fresh copy of windows 2003 EE and ISA server 2004 SE. I set my windows 2003 EE as a Domain Controller after the installation of ISA 2004 SE. Is this correct does? Does it matter before or after the istallation?


Have u installed ISA on your Domain controller? Installing ISA on a DC is not supported.

Join the computer on which you intend to install ISA to your domain and then install ISA.

HTH,



_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 3
RE: Question for Configuring the ISA 2004 Client - 19.Feb.2008 5:33:53 AM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
Hi royd,

  First of all i would like to thank you for answering my question.

Yeah i install my ISA server in a domain but i have a problem creating new user in a domain. The problem pops up and says:

Windows cannot set the password for we because:
The password does not meet the password policy requirements. Check the minimun password length, password complexity and password history requirements.

Do you have an idea about this royd?

Thanks again...

_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 4
RE: Question for Configuring the ISA 2004 Client - 19.Feb.2008 6:38:53 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi,

The problem is in your default domain policy settings.  Open Group Policy management console and browse to your domain name, right click the 'default domain policy' and click edit. Browse to
Computer configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policies
There you can choose the options that meet your company security policy.

If GPMC is not installed open ADUC (Active Directory Users and computers) right click your domain name, click on properties and click on Group Policy tab. There you can edit your default policy as described above

HTH,


_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 5
RE: Question for Configuring the ISA 2004 Client - 19.Feb.2008 8:19:12 AM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
royh,

  thank you so much for you help now im about to configure the policies.

_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 6
RE: Question for Configuring the ISA 2004 Client - 19.Feb.2008 4:39:59 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Glad it worked!! Thanks for the update

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 7
RE: Question for Configuring the ISA 2004 Client - 19.Feb.2008 11:40:04 PM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
hi royd,

one thing more i have an xp machine connected to my internal network how can i join this in a domain?

_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 8
RE: Question for Configuring the ISA 2004 Client - 20.Feb.2008 3:25:53 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Right click on 'My compter' -> Properties -> click on 'compter name' tab, click 'change'. Enter the desired computer name and choose ur domain name.


_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 9
RE: Question for Configuring the ISA 2004 Client - 20.Feb.2008 6:04:44 AM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
hi royh

   i cannot connect to my domain and this is the error maybe do something wrong with my domain server? this is the error

domain could not be contacted...

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name COMMUNITY might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain COMMUNITY:

The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)

The query was for the SRV record for _ldap._tcp.dc._msdcs.COMMUNITY

The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:

10.0.0.2

Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.

For more information on how to correct this problem, click Help.

_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 10
RE: Question for Configuring the ISA 2004 Client - 20.Feb.2008 8:53:32 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
It's a DNS problem. Install DNS on your DC and set your users to use the DC as their primary DNS.

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 11
RE: Question for Configuring the ISA 2004 Client - 21.Feb.2008 12:11:34 AM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
hi royh,

  roy i think i already install the DNS in my Domain Controller during my intallation og DC. Am i right that by default it will be automatically configured? If not will you please help me to install DNS in my DC. Can u please post here on how to install DNS in my DC?

thank u roy....

_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 12
RE: Question for Configuring the ISA 2004 Client - 21.Feb.2008 4:55:00 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
What are the results of nslookup "your domain name" ?

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 13
RE: Question for Configuring the ISA 2004 Client - 21.Feb.2008 5:42:15 AM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
hi roy,

  It suck a lot of time to setup coz im newbie for this. Sad to say that i made a fresh setup in my windows 2003 SE. And setup also as a DHCP/ DC server. Now it works fine without ISA 2004 Firewall. My XP client already a member of the domain.
   Now roy im about to install ISA Server 2003 in my DHCP/DC server. I read some articles that its bad practice for have DHCP/DC with ISA server? What can u say about it? Or am i on the right way?

  here is my Config

  external
  ip : static ip with default gateway and dns on it

  my internal
  ip : 10.0.0.1
  sm: 255.255.255.0
  gw:

  DNS : 127.0.0.1

why i make bold for the DNS its because it was change from 10.0.0.2
which is my configuration before i made a fresh installation.

my question is
after my isa installed does this change because i have a tutorial here that when u install isa 2004 the DNS should be configure to 10.0.0.2?



_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 14
RE: Question for Configuring the ISA 2004 Client - 21.Feb.2008 7:25:06 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
I don't recommend at all installing ISA on the domain controller itself. ISA is a firewall and should be installed on a separate box. Install windows 2003 with the latest SP on the ISA box and join it to your domain. Your ISA box should be equipped with two LAN cards. After joining to domain, install ISA server 2004. Your lan settings should be like this:

External NIC:
IP/Mask : static addresses given by ur ISP
DG: given by ISP
DNS: LEAVE EMPTY

Internal NIC:
IP/Mask: a valid address from ur internal network
DG: LEAVE EMPTY
DNS: address of your internal DNS server

On your Internal DNS, configure the server to forward the DNS queries to the DNS of your ISP

HTH,





_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 15
RE: Question for Configuring the ISA 2004 Client - 22.Feb.2008 11:39:16 AM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
Hi roy thanks again

by the way how to configure the server to forward the DNS queries to the DNS of my ISP?

I already separate my Domain controler and my ISA thank for the advice and idea. It really a big help to me as a begginer.



_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 16
RE: Question for Configuring the ISA 2004 Client - 22.Feb.2008 4:21:18 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Open the DNS console from administrative tools, right click on the name of your DNS server, click properties, click the forwarders tab and add the addresses of your ISP's DNS servers...

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 17
RE: Question for Configuring the ISA 2004 Client - 24.Feb.2008 11:46:43 PM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
hi roy works fine now.

i have a question it is a good idea that ISA 2004 setup as a firewall and a proxy server together?

How to configure ISA as a proxy in the server side?

_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 18
RE: Question for Configuring the ISA 2004 Client - 25.Feb.2008 4:42:30 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
In ISA, enable web proxy on your internal network (expand the configuration node, click on networks, right click your internal network and click properties, go to web proxy tab and set the required parameters) and set your users to use ISA as their proxy server.



_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to doyek)
Post #: 19
RE: Question for Configuring the ISA 2004 Client - 25.Feb.2008 6:18:47 AM   
doyek

 

Posts: 40
Joined: 11.Feb.2008
Status: offline
Thank you so much roy now im trying to setup cache hope ur stil there to help me. Proxy work fine now. But i still have problem i can't find any name in monitoring its all anonymous. How to configure to locate its true name?

_____________________________

"If money is your hope for independence you will never have it.
The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

(in reply to royh)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> Question for Configuring the ISA 2004 Client Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts