ISA Single NIC question

ISA Single NIC question - 25.Nov.2009 10:54:15 AM   
clwoodmac

 

Posts: 12
Joined: 18.Nov.2008
Status: offline
Hi, first off apologies if this has been covered many times but I'm pretty new to ISA 2006.

I am trying to resolve a 'discussion' with my manager regarding single NIC ISA deployed as a web proxy.

I have deployed ISA with single NIC many times using MS TechNet article and I am aware that single NIC server doesn't have concept of External Network object. The issue I have is that whenever there is an apparent 'issue' with ISA my colleague wants to change my FW rules and add in external network object.

The weird thing I can't understand is why some of the rules are working with external configured as the destination; for example internet access rule is Internal & Local Host > Internal. He will come along and change destination to external and internet access will still work.

The only thing I can think of is that the IP addresses assigned to the Internal Network adapter aren't correct.

Any ideas or how can I understand this better?
Post #: 1
RE: ISA Single NIC question - 25.Nov.2009 11:16:41 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
What addresses do you have on the addresses tab of the internal network object?

You should only need to use the Internal network object in all rules, as this should include all possible addresses. Hence external is the inverse of everything, which equals nothing.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to clwoodmac)
Post #: 2
RE: ISA Single NIC question - 25.Nov.2009 11:25:39 AM   
clwoodmac

 

Posts: 12
Joined: 18.Nov.2008
Status: offline
Hi Jason, thanks for quick response. Your comments definitely make sense to me.

On the ISA Internal Network object the IP addresses are defined as:

10.0.0.1 > 10.255.255.255
50.0.0.1 > 50.0.0.255
192.168.0.1 > 192.168.255.255

so as you say this doesn't include all possible addresses.

Is this the reason that the external network object will work?

If I add the Adapter this will cover all IP addresses and negate the use of external network object?


Thanks,


Colin.

(in reply to Jason Jones)
Post #: 3
RE: ISA Single NIC question - 25.Nov.2009 4:55:52 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
If you only have one NIC, the IP addresses you have defined are incorrect; so yes, this is why you need to add external.

If you remove the existing addresses and click the 'add adapter' option and select your internal NIC, you will get the correct settings. They should include all default A, B, C and D class addresses but exclude localhost IIRC.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to clwoodmac)
Post #: 4
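As an added illustration (not part of the thread and not ISA's own code), this Python sketch computes the inverse of an Internal address set, which is how External is described above, and shows where a destination lands under each configuration. The 'add adapter' ranges are an assumption based on the description "everything except localhost", the model ignores ISA's other built-in networks, and 203.0.113.10 is a constructed sample destination.

```python
import ipaddress

LAST = 2**32 - 1  # 255.255.255.255

# Ranges quoted in the thread for the Internal network object.
THREAD_RANGES = [("10.0.0.1", "10.255.255.255"),
                 ("50.0.0.1", "50.0.0.255"),
                 ("192.168.0.1", "192.168.255.255")]

# ASSUMPTION: what 'add adapter' yields on a single NIC, i.e. all
# addresses except loopback, 0.0.0.0 and 255.255.255.255.
ADAPTER_RANGES = [("0.0.0.1", "126.255.255.255"),
                  ("128.0.0.0", "255.255.255.254")]


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


def _str(value):
    return str(ipaddress.IPv4Address(value))


def external_ranges(internal):
    """Return the inverse of the Internal ranges over all of IPv4."""
    gaps, cursor = [], 0
    for start, end in sorted((_int(s), _int(e)) for s, e in internal):
        if start > cursor:
            gaps.append((_str(cursor), _str(start - 1)))
        cursor = max(cursor, end + 1)
    if cursor <= LAST:
        gaps.append((_str(cursor), _str(LAST)))
    return gaps


def network_of(addr, internal):
    """Classify a destination as Internal or External (simplified model)."""
    n = _int(addr)
    hit = any(_int(s) <= n <= _int(e) for s, e in internal)
    return "Internal" if hit else "External"


if __name__ == "__main__":
    dest = "203.0.113.10"  # constructed sample Internet destination
    for name, ranges in (("thread", THREAD_RANGES), ("adapter", ADAPTER_RANGES)):
        print(name, dest, "->", network_of(dest, ranges))
        for lo, hi in external_ranges(ranges):
            print("   External:", lo, "-", hi)
```

With the thread's ranges, most public destinations fall in the inverse set, so a rule with External as destination matches them; with the assumed adapter ranges the inverse contains no usable destination addresses.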
RE: ISA Single NIC question - 27.Nov.2009 9:24:42 AM   
clwoodmac

 

Posts: 12
Joined: 18.Nov.2008
Status: offline
Hi Jason, yes this is what I would normally do but my colleague thinks differently without actually reading anything!

Thanks for confirming!

Colin.

(in reply to Jason Jones)
Post #: 5
