I have just installed ISA 2006 SP1 on a Windows 2003 server in our 129.85.244.X DMZ subnet. This server has a single NIC with an IP address on the 129.85.244.X subnet. Now, we have a few Windows servers on our 129.85.1.X LAN subnet that have no access to the Internet. However, they do have full access to the ISA server. Also, the ISA server has full access to the Internet and the 129.85.1.X subnet.
What I am trying to accomplish is, I want to use the ISA server as a proxy-only server so the LAN servers can go to the Windows Update website to obtain patches. Basically, I want my 129.85.1.X servers to communicate with the ISA 129.85.244.X server to gain Internet browsing access.
*** I DON'T WANT TO USE THIS ISA SERVER AS A FIREWALL IN ANY WAY. *** We have external firewalls handling all the network security.
Can anyone please email me a step-by-step doc to get this done quickly and painlessly?
Same problem. My problem is that my network topology is doing NAT twice: first at the router that connects to the Internet, second in my ISA server. I am trying to figure out how to solve this problem. In my opinion, my ISA server should be configured only as a proxy server.
From: Southern California
No step-by-step doc required, really. If you have an ISA firewall configured with a single network interface, it is by default limited to only web proxy services. The network interface is configured with a default gateway that leads to your Internet egress router/firewall, then all you'd need to do is configure a web access rule and you are done.
From: Southern California
Doing NAT twice is unavoidable in this case. Keep in mind though that your ISA firewall in this instance isn't 'really' performing NAT. I like to refer to it as 'pseudo-NAT', because it is NAT-like, but not really NAT. The reason for this is that the ISA firewall when performing web proxy services is terminating the incoming session for the user request, then creating a separate and distinct session to retrieve the content from the remote web server. This second request, performed on behalf of the requester (by proxy!), originates from the IP address of the network interface used by the ISA firewall to send the request.
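The two-session behaviour described in the reply above, as an added example that is not part of the original post and is not ISA Server code: a constructed loopback proxy and web server showing that the web server sees the proxy's address as the source, not the client's. The addresses 127.0.0.2 and 127.0.0.3 are stand-ins for a LAN server and the proxy's interface, and the example assumes a host (such as Linux) where all of 127.0.0.0/8 is usable on loopback.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"         # listeners for the constructed proxy and web server
CLIENT_IP = "127.0.0.2"        # constructed stand-in for a LAN server
PROXY_EGRESS_IP = "127.0.0.3"  # constructed stand-in for the proxy's own interface

def read_all(sock):
    """Read until the peer closes the connection."""
    data = b""
    while chunk := sock.recv(4096):
        data += chunk
    return data

def web_server(srv, seen):
    conn, peer = srv.accept()
    conn.recv(4096)
    seen["web_server_saw"] = peer[0]          # source IP of the session it received
    body = peer[0].encode()
    conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(body), body))
    conn.close()

def web_proxy(srv, upstream, seen):
    conn, peer = srv.accept()                 # session 1 terminates at the proxy
    seen["proxy_saw"] = peer[0]
    request = conn.recv(4096)
    # Session 2: a separate TCP connection, sourced from the proxy's own address.
    out = socket.create_connection(upstream, source_address=(PROXY_EGRESS_IP, 0))
    out.sendall(request)
    conn.sendall(read_all(out))
    out.close()
    conn.close()

def demo():
    seen = {}
    web, prx = socket.create_server((LOOPBACK, 0)), socket.create_server((LOOPBACK, 0))
    workers = [
        threading.Thread(target=web_server, args=(web, seen)),
        threading.Thread(target=web_proxy, args=(prx, web.getsockname(), seen)),
    ]
    for w in workers:
        w.start()
    client = socket.create_connection(prx.getsockname(), source_address=(CLIENT_IP, 0))
    client.sendall(b"GET http://update.example/ HTTP/1.0\r\n\r\n")
    seen["body"] = read_all(client).split(b"\r\n\r\n", 1)[1].decode()
    client.close()
    for w in workers:
        w.join()
    web.close(); prx.close()
    return seen

if __name__ == "__main__":
    print(demo())
```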
But from what I observe, the problem comes after doing NAT twice. Sometimes in the morning the Internet connection is lost and the users' browsers give a message that there is a DNS problem. But when I look at my AD+DNS server, the service is working properly.
Is there any relation, because the AD+DNS server is located in subnet 192.168.1.0/24 and under the ISA server, but the router's local interface uses subnet 192.168.7.0/24? My ISA server has 2 NICs: the public NIC is 192.168.7.2 and the local NIC is 192.168.1.200. In the DNS server, my ISA server is known as 192.168.1.200.