• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Best Plan

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Best Plan Page: [1]
Login
Message << Older Topic   Newer Topic >>
Best Plan - 4.Jun.2011 9:28:45 PM   
ammar

 

Posts: 3
Joined: 4.Jun.2011
Status: offline
Hello all,

I am new to networking and ISA server and I have the following:

Requirements:

1.I have customer company has 3 sites A, B and C.
2.I want to build local domain in Site-A (Main-Office) and additional domain controllers one in site-B and one in site-C.
3.Build VPN site to site between all sites mesh topology using ISA server 2006 standard edition.

Background:

I thought whether to make ISA server domain member or in workgroup! And searched the topic and get the best opinion in Thomas Shinder's article http://www.isaserver.org/tutorials/debunking-myth-that-isa-firewall-should-not-domain-member.html

Problem and questions:

1.In case if selecting to make ISA servers to be domain member no problem with site-A, but how to setup addition domain in site-B before ISA – which will be member in that domain and in the same time ISA server will be used to have connectivity between site-A and site-B through VPN ?? Which order I have to use to install additional DC in site-B and in the same time make ISA-B domain member???
2.Away of that scenario if I have local domain in site-A behind ISA server and want to install additional DC in site-B without having VPN connection, does it need to publish protocols through ISA-A ? If yes, which protocols? Is that secure?
Post #: 1
RE: Best Plan - 4.Jun.2011 10:52:53 PM   
stevenrix

 

Posts: 101
Joined: 16.Feb.2011
Status: offline
Not sure i am following you. If you are talking about intersites, after connecting your hardwares, you have to do a trust relationship in Active Directory. The type of the trust will depend on what you want to do, will also depend on the network connectivity (DLS, cable, T1...etc). Once the trust relation is established, it will be easier to determine your needs with ISA.
I hope i answered your question.
You can also use ADLDS for this type of configuration but you won't have the same full benefits compared to Active Directory Services.

Check this link also: http://www.isaserver.org/tutorials/Designing_An_ISA_Server_Solution_on_a_Complex_Network.html

And for the type of connection, i am not sure, on CISCO it is usually a cmak connection with a 2 prone process,and this is what you'll need first before connecting your ISA servers.

enshallah

< Message edited by stevenrix -- 4.Jun.2011 11:29:15 PM >

(in reply to ammar)
Post #: 2
RE: Best Plan - 5.Jun.2011 3:39:52 AM   
ammar

 

Posts: 3
Joined: 4.Jun.2011
Status: offline
Hello stevenrix,

My question not about intersites, but in URL I refereed to it is recommended to install ISA as domain member, so I have no VPN hardware and use ADSL router (doesn't support VPN S2S), so after I install DC in site-A and ISA-A, now I want to install site-B, what to start with ??? ISA-B or additional domain controller in site-B?? if I start with ISA-B that will means it is not domain member, if I said I will start with Site-B additional domain controller, how it will connect to PDC in site-A while I did not established VPN connection cause no ISA server in site-B till that second !!!

(in reply to stevenrix)
Post #: 3
RE: Best Plan - 10.Jun.2011 11:42:22 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

you should install first a DC on site B, then join ISA machine to your domain before install ISA firewall software on it.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to ammar)
Post #: 4
RE: Best Plan - 13.Jun.2011 1:31:44 AM   
ammar

 

Posts: 3
Joined: 4.Jun.2011
Status: offline
Hi,

So my question was how to install DC in site-B while i do not have VPN connection to site-A becuase two ISA servers will be used to build this site to site VPN connection !!!!!!

(in reply to paulo.oliveira)
Post #: 5
RE: Best Plan - 13.Jun.2011 2:55:21 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

you´ve three options:

1- Install the DC B on the site A before move the server.
2- Install ISA, create VPN, install DC B then join ISA to domain.
3- Install ISA, create VPN, install DC B, remove ISA, join ISA machine to domain then instal ISA back to machine.

There´s no problem to join ISA machine to domain after ISA firewall is installed.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to ammar)
Post #: 6
RE: Best Plan - 20.Sep.2011 11:52:13 PM   
bigworld

 

Posts: 3
Joined: 20.Sep.2011
Status: offline
Nice, I've been looking for something like this with Ogg support. Thanks for posting.







Coach Pursescoach outletcoach factory outlet

(in reply to paulo.oliveira)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Best Plan Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts