First time poster, long time browser.. Been to your forum many many times since upgrading to ISA 2004 from our previous hardware solution..
In any event, I got a few questions, if you guys can help out with any ideas it would be very much appreciated.
Here's the deal:
I have about 75 servers in a DC, a mix of the following really:
* Windows 2000 - IIS
* Windows 2000 - Mail
* Windows 2000 - SQL
* RHEL 3 - Apache / MySQL
* RHEL 3 - SWSoft Virtuozzo VPS
Each of these machines has on average 3 public IPs, and they serve all kinds of things from web sites to VPS boxes.
Bottom line is, I have the following machine that I have installed ISA 2004 on..
* Compaq DL580
* Single Xeon 900/2MB
* 1024MB RAM
* 3 x 18.2 RAID 5
* 6 x Compaq NC3120? 100TX NICs
* Windows 2003 Enterprise
* ISA 2004 Standard
What I would like to do is the following:
* Secure all of my servers
* Route all internet traffic through ISA
* Eventually install bandwidth control on the ISA box (QoS)
My current situation:
I have made it simple and just done the setup with 2 NICs, as I would like to get the hang of it first and then worry about complex setups. My IP addresses are 184.108.40.206 - 220.127.116.11.
My gateway given to me by the DC is 18.104.22.168. That is the actual gateway that my servers connect to in order to have internet access.
I did the following:
* Configured NIC 1 - IP - 22.214.171.124 - Gateway - 126.96.36.199 - DNS - DC DNS servers
* Configured NIC 2 - IP - 188.8.131.52 - Gateway - 184.108.40.206 - DNS - DC DNS servers
Then, I installed ISA 2004..
*********** Set up as "Front Firewall"
"Networks Tab" -- External -- "ip addresses external to the ISA 2004 ....."
-- Local host -- " you know.. "
-- Perimeter -- "220.127.116.11 - 18.104.22.168"
* Unrestricted Internet from Perimeter to External / All Networks
On a test box I've got sitting at 22.214.171.124 (perimeter network now), I can ping other IPs in the 84.149.84.XXX range, but I CANNOT ping the ISA server (126.96.36.199). I CAN ping 188.8.131.52, which is the DC gateway.
I CANNOT ping the test box from the ISA server.
Alert Information Description: ISA Server detected a spoof attack from Internet Protocol (IP) address 184.108.40.206. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.
I'm guessing that *.254 is the DC's IP for its own router.
That's pretty much the gist of it; short of uninstalling / reinstalling ISA 2004 I've done everything I can think of..
Anyone got any ideas?
If so, please don't hesitate to post. You never know, someone else might have this issue years later and find the answer through Google, as I have MANY times thanks to this board!
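The alert quoted in the post states the rule ISA applies: a packet is treated as spoofed when its source address is not reachable via the interface the packet arrived on, i.e. the firewall's own route lookup for that source points out a different NIC. The script below is an added example, not the poster's configuration nor Microsoft's code; it models that check as a strict reverse-path test over a small route table so you can see which (source, interface) pairs trigger the alert, and it also flags the condition under which the check becomes unreliable: two NICs whose connected subnets overlap, so the route lookup has no single answer. All addresses are constructed documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), not the addresses from the post, and the interface names and route layout are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed topology (documentation ranges, not the poster's addresses):
#   "internal" NIC faces the perimeter/server subnet 192.0.2.0/24
#   "external" NIC faces the colo uplink 198.51.100.0/24; default gateway is 198.51.100.1


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    connected: bool  # True when the prefix is a subnet directly on that NIC


def route(prefix: str, iface: str, connected: bool = False) -> Route:
    return Route(ipaddress.ip_network(prefix), iface, connected)


ROUTES: List[Route] = [
    route("192.0.2.0/24", "internal", connected=True),
    route("198.51.100.0/24", "external", connected=True),
    route("0.0.0.0/0", "external"),  # default route via the colo gateway
]

# Misconfiguration to contrast with: both NICs placed in the same subnet.
BAD_ROUTES: List[Route] = [
    route("192.0.2.0/24", "internal", connected=True),
    route("192.0.2.0/24", "external", connected=True),
    route("0.0.0.0/0", "external"),
]


def egress_interface(dst: str, routes: List[Route]) -> Optional[str]:
    """Longest-prefix match: the NIC the firewall would use to reach dst."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best.iface if best else None


def is_spoofed(src: str, arrived_on: str, routes: List[Route]) -> bool:
    """Strict reverse-path check, the rule the ISA alert text describes:
    the source is plausible only if replies to it would leave through
    the same interface the packet came in on."""
    return egress_interface(src, routes) != arrived_on


def overlapping_connected_prefixes(routes: List[Route]) -> List[Tuple[Route, Route]]:
    """Connected prefixes that overlap across different NICs. With such a
    layout the lookup above has no unique answer, so anti-spoof verdicts
    depend on route ordering rather than on topology."""
    connected = [r for r in routes if r.connected]
    hits: List[Tuple[Route, Route]] = []
    for i, a in enumerate(connected):
        for b in connected[i + 1:]:
            if a.iface != b.iface and a.prefix.overlaps(b.prefix):
                hits.append((a, b))
    return hits


# Constructed sample of (source address, NIC the packet arrived on).
SAMPLE_PACKETS = [
    ("192.0.2.50", "internal"),    # perimeter host reaching the firewall: legitimate
    ("192.0.2.50", "external"),    # perimeter address arriving on the uplink: spoof
    ("203.0.113.7", "internal"),   # Internet address arriving on the inside NIC: spoof
    ("198.51.100.1", "external"),  # the colo gateway itself: legitimate
]


def audit(packets, routes: List[Route]) -> List[Tuple[str, str, str]]:
    """Label each sample packet the way the firewall's spoof check would."""
    return [
        (src, iface, "SPOOF" if is_spoofed(src, iface, routes) else "ok")
        for src, iface in packets
    ]


if __name__ == "__main__":
    for src, iface, verdict in audit(SAMPLE_PACKETS, ROUTES):
        print(f"{src:>14} on {iface:<8} -> {verdict}")
    for a, b in overlapping_connected_prefixes(BAD_ROUTES):
        print(f"ambiguous: {a.prefix} on {a.iface} overlaps {b.prefix} on {b.iface}")
```

Running `overlapping_connected_prefixes` against your own interface table is the quick sanity check when this alert fires: if it returns anything, the NIC addressing needs to be untangled before the network definitions in ISA can be expected to line up with it.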