ISA 2006 Installation (Full Version)

All Forums >> [ISA 2006 General] >> Installation and Planning



Message

jgarcia -> ISA 2006 Installation (5.Mar.2008 12:13:40 PM)

Hi everyone,
 
This is my first post on this forum and I've been looking through all of the forums for some direction, but cannot find what I am looking for so I am hoping I can get some help from you all. I'm completely new to ISA 2006 and my biggest weakness is networking so please bare with me on my questions.
 
  1. When installing ISA 2006 - should the ISA servers be joined to my current domain? I only have one domain right now. If so, do I make it a DC, Member Server, or just a Stand Alone on my domain?
  2. My goal is to connect two offices with the ISA servers and then give outside users the ability to access my network via VPN. Anyone have instructions on creating VPN user access? I think I have what I need to setup the site-to-site access between the two offices.

Any help would be greatly appreciated.

John



elmajdal -> RE: ISA 2006 Installation (9.Mar.2008 1:22:48 PM)

quote:

When installing ISA 2006 - should the ISA servers be joined to my current domain? I only have one domain right now. If so, do I make it a DC, Member Server, or just a Stand Alone on my domain?

Join ISA Server to you Domain, make it a domain member and never a DC.

http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html


quote:



  1. My goal is to connect two offices with the ISA servers and then give outside users the ability to access my network via VPN. Anyone have instructions on creating VPN user access? I think I have what I need to setup the site-to-site access between the two offices.

Read this : http://www.isaserver.org/articles/2004vpnserver.html



jgarcia -> RE: ISA 2006 Installation (11.Mar.2008 6:44:47 PM)

Hi Tarek,

I appreciate your response, but I'm starting over as I royally screwed up my config. If possible, can you help me with these questions as I think some of the problems I am having exist with the current server config.

  1. I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?
  2. Is there a ISA SE 2006 setup guide I can use to install? I have two identical servers that I am using to connect two offices and VPN access for outside users. This is my first time setting up ISA and I'm a little lost to be honest. I am currently using the "Creating a Site to Site VPN using ISA 2006 Firewall..." and hope this is a good start.



jgarcia -> RE: ISA 2006 Installation (11.Mar.2008 9:49:00 PM)

Hi Tarek,

Onee more thing, I noticed that you sent me a link to the 2004 VPN Server setup. I'm assuming there is not much difference from the 2006 setup?



elmajdal -> RE: ISA 2006 Installation (12.Mar.2008 12:10:49 PM)

quote:

ORIGINAL: jgarcia

Hi Tarek,

Onee more thing, I noticed that you sent me a link to the 2004 VPN Server setup. I'm assuming there is not much difference from the 2006 setup?


Thats Correct.



elmajdal -> RE: ISA 2006 Installation (12.Mar.2008 12:14:27 PM)

quote:


I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?


Check this : http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

Configure First your Network Interfaces then install ISA Server.

quote:

Is there a ISA SE 2006 setup guide I can use to install? I have two identical servers that I am using to connect two offices and VPN access for outside users. This is my first time setting up ISA and I'm a little lost to be honest. I am currently using the "Creating a Site to Site VPN using ISA 2006 Firewall..." and hope this is a good start.


It is , also check this site by Adrian, it has many articles for VPN with ISA Server 2006 : http://www.carbonwind.net/ISA/isa.htm



jgarcia -> RE: ISA 2006 Installation (12.Mar.2008 6:45:31 PM)

quote:


I have a W2K3 SE server with two NIC's. Do I need to go ahead and assign the necesseary IP addresses to each NIC before I start my ISA SE 2006 setup? Or I can do that as I setup ISA SE 2006?


Check this : http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

Configure First your Network Interfaces then install ISA Server.

Hi Tarek,

Thanks for this, but I ran into a problem. On page 8 of 15 when Configuring IP Settings on the South Interface I followed all the details, but when I am done - I cannot RDC to the server. The only workaround I was able to figure out was to not give the South (internal) NIC a static IP, but follow all your other settings. I did add a System Policy previously to allow RDC (Telnet) and MMC and it was working fine before. Also, when I do the ipconfig /all on page 13 of 15 the oly variance I see is the Node Type should be Hybrid and I have Unknown and WINS Proxy Enabled should be No and I have Yes.

What am I missing?



jgarcia -> RE: ISA 2006 Installation (12.Mar.2008 9:44:07 PM)

Another issue. On my second ISA server that I am setting up - I couldn't install ISA because I was getting a setup failed while creating Server Storage. I found out on this forum that if I removed the server from the domain I could install ISA. Now that ISA is setup - I cannot add the server back to the domain. Am I missing something? Policy? 



jgarcia -> RE: ISA 2006 Installation (16.Mar.2008 4:09:23 PM)

Hi All,

I got around my domain issue although I do not know if it was the right way.

Anyhow, I came in today to connect both my server in each office and these are the problems I am having that I've noticed so far:
  1. I see no session running for my VPN between both offices. I'm about 5-7 minutes between the offices so I have been back and forth all morning as I cannot even RDP in. I think the RDP issue is that I allowed a certain IP range to access the serverm but not my actual computer name since I am on a different subnet. Someone correct me if I am wrong.
  2. I can't even access the internet from my workstation.
  3. If cannot issue the internal NIC a static IP because if I do - I cannot RDP to it eventhough I am in the same office and subnet
  4. I get this error under the "alerts" tab and I'm not sure how to fix it. Description: The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
    The following IP address ranges will be dropped as spoofed:
    External:0.0.0.1-96.247.58.255,96.247.60.0-96.255.255.254,97.0.0.0-126.255.255.255,128.0.0.0-192.168.0.255,192.168.3.0-223.255.255.255,240.0.0.0-255.255.255.254;
  5. I used this article (with Parts 1 and 2) http://www.isaserver.org/tutorials/Creating-Branch-Office-VPN-Connection-Remote-Site-Network-Wizard.html to setup my site to site VPN, but the only thing I wasn't to do were the steps on pages 6 and 7 from Part 1 and Page 4 on Part 2. Dimb question, but is this part of my problem?



elmajdal -> RE: ISA 2006 Installation (16.Mar.2008 4:57:01 PM)

Hi,

Regarding the RDP issue, check my article here  : Administrating ISA Server 2006 Remotely Using MMC and Remote Desktop Connection
 
you will have all the things you need to successfully RDP to your server



jgarcia -> RE: ISA 2006 Installation (17.Mar.2008 8:48:17 PM)

Hi Tarek,

Found that article that was one of the first things I did. Could it be something else?



jgarcia -> RE: ISA 2006 Installation (26.Mar.2008 12:06:09 AM)

I gave up on this last week and brought in a consultant to help me get things sorted out. Looks like one of the problems was one of my ISA servers that I ended up blowing away and started from the ground up. Everything is working fine, but got a couple of more questions for anyone.

  1. When I  try to ping storage devices, servers, or other computers by netbios name I can't. If I do it by IP address - I can. DNS issue?
  2. Anyone have something I go use to start looking at for blocking certain sites and/or manage bandwidth? I need to dedicate our VoIP services over users internet.



elmajdal -> RE: ISA 2006 Installation (26.Mar.2008 6:28:08 AM)

Hi again,

For blocking site, read this http://www.isaserver.org/articles/2004domainnamesets.html

also you can import ready made list from this site : http://isaserver.bm/destination_sets.html

or you can automate this with GFI Web Monitor 4 : Product Review : GFI Web Monitor 4.0
 
 
 
For controlling the bandwidth, check www.bsplitter.com


HTH,
Tarek



Page: [1]