
Welcome to ISAserver.org


Network redesign

Network redesign - 28.Jan.2011 4:31:17 AM   
paul.v

 

Posts: 2
Joined: 28.Jan.2011
Status: offline
Hello.
I'm planning a network redesign and I need your advice.
The organization consists of a head office and two branches. I'm planning a front-end and back-end firewall implementation with a DMZ. I'm going to do the following:
1) Install ISA 2006 as a back-end firewall/proxy in a back-to-back configuration.
2) Install the SonicWall as a front-end firewall.
3) Implement a DMZ subnet.
4) Implement a VPN server which will establish tunnels between the head office and the two branches.
Could you help me with the following questions:
1) Where should I place the VPN server?
2) How should I configure routing between the VPN server and the ISA server?

Looking forward to your advice!
Thanks a lot.
Post #: 1
RE: Network redesign - 28.Jan.2011 6:37:55 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

You could use one of your firewalls as the VPN server. If SonicWall does not have this feature, then use the ISA firewall instead.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to paul.v)
Post #: 2
RE: Network redesign - 28.Jan.2011 10:13:24 AM   
paul.v

 

Posts: 2
Joined: 28.Jan.2011
Status: offline
Paulo,
thanks for your reply!
If I place the VPN server on the ISA server, how many NICs should I install? And could you give me advice on how I should route traffic between the ISA Server interfaces?

(in reply to paulo.oliveira)
Post #: 3
RE: Network redesign - 28.Jan.2011 1:31:24 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

No, you will not place the VPN server on the ISA firewall. The ISA firewall will be the VPN server.

ISA can play multiple roles on the same machine: firewall, VPN gateway (site-to-site and remote access client), forward and reverse proxy.

It is strongly recommended not to install any other services together with ISA Server, since this is a firewall; although you can, it does not mean you should. Otherwise, it will increase ISA's attack surface.

Keep in mind that ISA Server is not the most current version of Microsoft's firewall. Microsoft has changed the name of its firewall and it is now named Forefront Threat Management Gateway (TMG).

To enable VPN on ISA you can follow these guides:

For VPN remote client access:
http://www.isaserver.org/articles/2004vpnserver.html
http://www.isaserver.org/articles/2004pubvpn.html

For site-to-site VPNs:
http://www.isaserver.org/tutorials/Creating-VPN-ISA-Server-2006-Firewalls-Main-Branch-Office-Part1html.html

There are also other articles on this site that may be worth a look.

Regards,
Paulo Oliveira.


(in reply to paul.v)
Post #: 4
