• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2006 Installation

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> ISA 2006 Installation Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 2006 Installation - 5.Mar.2008 12:13:40 PM   
jgarcia

 

Posts: 24
Joined: 5.Mar.2008
Status: offline
Hi everyone,
 
This is my first post on this forum and I've been looking through all of the forums for some direction, but cannot find what I am looking for so I am hoping I can get some help from you all. I'm completely new to ISA 2006 and my biggest weakness is networking so please bare with me on my questions.
 
  1. When installing ISA 2006 - should the ISA servers be joined to my current domain? I only have one domain right now. If so, do I make it a DC, Member Server, or just a Stand Alone on my domain?
  2. My goal is to connect two offices with the ISA servers and then give outside users the ability to access my network via VPN. Anyone have instructions on creating VPN user access? I think I have what I need to setup the site-to-site access between the two offices.

Any help would be greatly appreciated.

John
Post #: 1
RE: ISA 2006 Installation - 9.Mar.2008 1:22:48 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

When installing ISA 2006 - should the ISA servers be joined to my current domain? I only have one domain right now. If so, do I make it a DC, Member Server, or just a Stand Alone on my domain?

Join ISA Server to you Domain, make it a domain member and never a DC.

http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html


quote:



  1. My goal is to connect two offices with the ISA servers and then give outside users the ability to access my network via VPN. Anyone have instructions on creating VPN user access? I think I have what I need to setup the site-to-site access between the two offices.


Read this : http://www.isaserver.org/articles/2004vpnserver.html

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to jgarcia)
Post #: 2
RE: ISA 2006 Installation - 11.Mar.2008 6:44:47 PM   
jgarcia

 

Posts: 24
Joined: 5.Mar.2008
Status: offline
Hi Tarek,

I appreciate your response, but I'm starting over as I royally screwed up my config. If possible, can you help me with these questions as I think some of the problems I am having exist with the current server config.

  1. I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?
  2. Is there a ISA SE 2006 setup guide I can use to install? I have two identical servers that I am using to connect two offices and VPN access for outside users. This is my first time setting up ISA and I'm a little lost to be honest. I am currently using the "Creating a Site to Site VPN using ISA 2006 Firewall..." and hope this is a good start.



(in reply to elmajdal)
Post #: 3
RE: ISA 2006 Installation - 11.Mar.2008 9:49:00 PM   
jgarcia

 

Posts: 24
Joined: 5.Mar.2008
Status: offline
Hi Tarek,

Onee more thing, I noticed that you sent me a link to the 2004 VPN Server setup. I'm assuming there is not much difference from the 2006 setup?

(in reply to jgarcia)
Post #: 4
RE: ISA 2006 Installation - 12.Mar.2008 12:10:49 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

ORIGINAL: jgarcia

Hi Tarek,

Onee more thing, I noticed that you sent me a link to the 2004 VPN Server setup. I'm assuming there is not much difference from the 2006 setup?


Thats Correct.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to jgarcia)
Post #: 5
RE: ISA 2006 Installation - 12.Mar.2008 12:14:27 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:


I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?


Check this : http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

Configure First your Network Interfaces then install ISA Server.

quote:

Is there a ISA SE 2006 setup guide I can use to install? I have two identical servers that I am using to connect two offices and VPN access for outside users. This is my first time setting up ISA and I'm a little lost to be honest. I am currently using the "Creating a Site to Site VPN using ISA 2006 Firewall..." and hope this is a good start.


It is , also check this site by Adrian, it has many articles for VPN with ISA Server 2006 : http://www.carbonwind.net/ISA/isa.htm

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to jgarcia)
Post #: 6
RE: ISA 2006 Installation - 12.Mar.2008 6:45:31 PM   
jgarcia

 

Posts: 24
Joined: 5.Mar.2008
Status: offline
quote:


I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?


Check this : http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

Configure First your Network Interfaces then install ISA Server.

Hi Tarek,

Thanks for this, but I ran into a problem. On page 8 of 15 when Configuring IP Settings on the South Interface I followed all the details, but when I am done - I cannot RDC to the server. The only workaround I was able to figure out was to not give the South (internal) NIC a static IP, but follow all your other settings. I did add a System Policy previously to allow RDC (Telnet) and MMC and it was working fine before. Also, when I do the ipconfig /all on page 13 of 15 the oly variance I see is the Node Type should be Hybrid and I have Unknown and WINS Proxy Enabled should be No and I have Yes.

What am I missing?

(in reply to elmajdal)
Post #: 7
RE: ISA 2006 Installation - 12.Mar.2008 9:44:07 PM   
jgarcia

 

Posts: 24
Joined: 5.Mar.2008
Status: offline
Another issue. On my second ISA server that I am setting up - I couldn't install ISA because I was getting a setup failed while creating Server Storage. I found out on this forum that if I removed the server from the domain I could install ISA. Now that ISA is setup - I cannot add the server back to the domain. Am I missing something? Policy? 

(in reply to jgarcia)
Post #: 8
RE: ISA 2006 Installation - 16.Mar.2008 4:09:23 PM   
jgarcia

 

Posts: 24
Joined: 5.Mar.2008
Status: offline
Hi All,

I got around my domain issue although I do not know if it was the right way.

Anyhow, I came in today to connect both my server in each office and these are the problems I am having that I've noticed so far:
  1. I see no session running for my VPN between both offices. I'm about 5-7 minutes between the offices so I have been back and forth all morning as I cannot even RDP in. I think the RDP issue is that I allowed a certain IP range to access the serverm but not my actual computer name since I am on a different subnet. Someone correct me if I am wrong.
  2. I can't even access the internet from my workstation.
  3. If cannot issue the internal NIC a static IP because if I do - I cannot RDP to it eventhough I am in the same office and subnet
  4. I get this error under the "alerts" tab and I'm not sure how to fix it. Description: The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
    The following IP address ranges will be dropped as spoofed:
    External:0.0.0.1-96.247.58.255,96.247.60.0-96.255.255.254,97.0.0.0-126.255.255.255,128.0.0.0-192.168.0.255,192.168.3.0-223.255.255.255,240.0.0.0-255.255.255.254;
  5. I used this article (with Parts 1 and 2) http://www.isaserver.org/tutorials/Creating-Branch-Office-VPN-Connection-Remote-Site-Network-Wizard.html to setup my site to site VPN, but the only thing I wasn't to do were the steps on pages 6 and 7 from Part 1 and Page 4 on Part 2. Dimb question, but is this part of my problem?


< Message edited by jgarcia -- 16.Mar.2008 4:10:43 PM >

(in reply to jgarcia)
Post #: 9
RE: ISA 2006 Installation - 16.Mar.2008 4:57:01 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

Regarding the RDP issue, check my article here  : Administrating ISA Server 2006 Remotely Using MMC and Remote Desktop Connection
 
you will have all the things you need to successfully RDP to your server

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to jgarcia)
Post #: 10
RE: ISA 2006 Installation - 17.Mar.2008 8:48:17 PM   
jgarcia

 

Posts: 24
Joined: 5.Mar.2008
Status: offline
Hi Tarek,

Found that article that was one of the first things I did. Could it be something else?

(in reply to elmajdal)
Post #: 11
RE: ISA 2006 Installation - 26.Mar.2008 12:06:09 AM   
jgarcia

 

Posts: 24
Joined: 5.Mar.2008
Status: offline
I gave up on this last week and brought in a consultant to help me get things sorted out. Looks like one of the problems was one of my ISA servers that I ended up blowing away and started from the ground up. Everything is working fine, but got a couple of more questions for anyone.

  1. When I  try to ping storage devices, servers, or other computers by netbios name I can't. If I do it by IP address - I can. DNS issue?
  2. Anyone have something I go use to start looking at for blocking certain sites and/or manage bandwidth? I need to dedicate our VoIP services over users internet.

(in reply to jgarcia)
Post #: 12
RE: ISA 2006 Installation - 26.Mar.2008 6:28:08 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi again,

For blocking site, read this http://www.isaserver.org/articles/2004domainnamesets.html

also you can import ready made list from this site : http://isaserver.bm/destination_sets.html

or you can automate this with GFI Web Monitor 4 : Product Review : GFI Web Monitor 4.0
 
 
 
For controlling the bandwidth, check www.bsplitter.com


HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to jgarcia)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> ISA 2006 Installation Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts