
Fresh ISA2004 install, need to publish 60~ servers on perimeter network

Fresh ISA2004 install, need to publish 60~ servers on p... - 28.Nov.2004 1:20:00 PM   
EUDC

 

Posts: 2
Joined: 28.Nov.2004
Status: offline
Hello guys,

First time poster, long time browser.. Been to your forum many many times since upgrading to ISA 2004 from our previous hardware solution..

In any event, I got a few questions, if you guys can help out with any ideas it would be very much appreciated.

Here's the deal:

I have about 75 servers in a DC, a mix of the following really:

* Windows 2000 - IIS
* Windows 2000 - Mail
* Windows 2000 - SQL
* RHEL 3 - Apache / MySQL
* RHEL 3 - SWSoft Virtuozzo VPS


Each of these machines has on average 3 public IPs, and serves all kinds of things from web sites to VPS boxes.

Bottom line is, I have the following machine that I have installed ISA 2004 on..

* Compaq DL580
* Single Xeon 900/2MB
* 1024MB RAM
* 3 x 18.2 RAID 5
* 6 x Compaq NC3120? 100TX NICs
* Windows 2003 Enterprise
* ISA 2004 Standard


What I would like to do is the following:

* Secure all of my servers
* Route all internet traffic through ISA
* Eventually install bandwidth control on the ISA box (QoS)

My current situation:

I have made it simple and just done the setup with 2 NICs, as I would like to get the hang of it first and then worry about complex setups. My IP addresses are 84.149.84.1 - 84.149.84.250.

My gateway given to me by the DC is 84.149.84.252. That is the actual gateway that my servers connect to in order to have internet access.

I did the following:

* Configured NIC 1
- IP - 84.149.84.250
- Gateway - 84.149.84.252
- DNS - DC DNS servers

* Configured NIC 2
- IP - 84.149.84.1
- Gateway - 84.149.84.250
- DNS - DC DNS servers

--

Then, I installed ISA 2004..

***********
Set up as "Front Firewall"

"Networks Tab"
-- External -- "ip addresses external to the ISA 2004 ....."

-- Local host -- " you know.. "

-- Perimeter -- "84.149.84.1 - 84.149.84.240"

**************

Firewall Rules:

* Unrestricted Internet from Perimeter to External / All Networks

**************

Bottom line:

On a test box I've got sitting at 84.149.84.15 (perimeter network now), I can ping other IPs in the 84.149.84.XXX range, but I CANNOT ping the ISA server (84.149.84.250). I CAN ping 84.149.84.252, which is the DC gateway.

I CANNOT ping the test box from the ISA server.

Further..


Alert Information
Description: ISA Server detected a spoof attack from Internet Protocol (IP) address 84.149.84.254. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.

I'm guessing that *.254 is the DC's IP for its own router.

That's pretty much the gist of it, short of uninstalling / reinstalling ISA 2004 I've done everything I can think of..

Anyone got any ideas?

If so, please don't hesitate to post, you never know someone else might have this issue years later and find the answer through Google as I have MANY times thanks to this board!

Thanks!
Vasil
Post #: 1
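
A simplified model of the check the alert text describes, as an added example that is not part of the original post and not ISA Server's own code: each adapter is bound to a network, and a packet is flagged when its source address belongs to a different network than the one it arrived on. The Perimeter range is the one from the post; the function names and the sample packets (including which adapter each one arrived on) are assumptions made for illustration.

```python
import ipaddress

# Perimeter range exactly as entered in the post; anything outside every
# defined range falls into "External", as on the Networks tab described.
NETWORK_RANGES = {
    "Perimeter": [("84.149.84.1", "84.149.84.240")],
}

def network_of(addr: str) -> str:
    """Return the name of the network whose address range contains addr."""
    ip = ipaddress.ip_address(addr)
    for name, ranges in NETWORK_RANGES.items():
        for first, last in ranges:
            if ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last):
                return name
    return "External"

def is_spoofed(src: str, arrival_network: str) -> bool:
    """Flag a packet whose source address belongs to a different network
    than the one bound to the adapter it arrived on."""
    return network_of(src) != arrival_network

# Constructed sample packets: (source address, network of receiving adapter).
# Which adapter each packet really arrived on is not stated in the post.
SAMPLE_PACKETS = [
    ("84.149.84.15", "Perimeter"),   # test box, inside the Perimeter range
    ("84.149.84.254", "Perimeter"),  # address from the alert, outside the range
    ("84.149.84.254", "External"),   # same address seen on the External adapter
    ("84.149.84.15", "External"),    # Perimeter address seen on the External adapter
]

def evaluate(packets):
    """Return (source, arrival network, owning network, verdict) per packet."""
    return [
        (src, net, network_of(src), "spoofed" if is_spoofed(src, net) else "ok")
        for src, net in packets
    ]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_PACKETS):
        print("%-15s arrived on %-9s belongs to %-9s -> %s" % row)
```

In this model, any address above .240 that is heard on the Perimeter-side adapter fails the check, which is the situation that can arise when both adapters are addressed from the same 84.149.84.x block.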
RE: Fresh ISA2004 install, need to publish 60~ servers ... - 28.Nov.2004 4:37:00 PM   
EUDC

 

Posts: 2
Joined: 28.Nov.2004
Status: offline
UPDATE...

Now I can have internet access from the "client" machine that's on the perimeter network

I can ping the machine on the perimeter network from another machine from the internet (external)

I cannot connect RDP to it, even though I have published it correctly..

When I telnet xxx.xxx.xxx.xxx 80 to it, I see that the HTTP server is working

GRRRRRR

(in reply to EUDC)
Post #: 2
