What about a DMZ/Perimeter in ISA 2004? Is that to be considered Internal or External? I am trying to find out info on how to configure/secure the NIC and since we are going to have an IIS 6.0 server on the DMZ (ISP DNS pointing to site) what do I need to open/close etc....
I am having almost the same problem with my ISA Server 2004.
What if I don't want my Servers in the "Internal" Network, as I understand your description of the ISA configuration? You put all the Servers, Clients, etc. in some kind of "Internal Network"!
The problem in my case is, I don't want the Servers (DCs and Members) in my Internal Network but in a separate Network, where I have full control of the traffic which goes through the ISA Server!
All Networks are routed, because the ISA Server 2004 is the second firewall. The ISA-Server is behind a "Hardware-Firewall"!
The exact question now is:
Is it possible to allow the Clients (Internal) to get to the Active Directory (Server Network) on the ISA Server to all "Internal" Networks?? Because I think that turns the ISA Server into "Swiss Cheese"! ;-)
I don't know, but am I the only one who is trying to secure my Servers not only from outside, but from inside too?!?!
Note: I have read a few KB articles from MS. They always talk only about Active Directory Replication over a Firewall! But what if I want to get my clients to work properly with my Active Directory Servers over the ISA Server????? So which Ports do the Clients need to work properly with the Servers! And do the clients need the RPC endpoint mapper (Port 135; outbound) and the Ports 1024-65535 (inbound)???? (I know I can set the range of the inbound Ports myself!)
I just installed the ISA 2004 and have the following problems:
Before installation of ISA Server 2004 Standard, I had the following configuration.
1. A Windows Server 2003 with two network adapters. One network adapter (192.168.1.2) connected to an ADSL router (192.168.1.1) and then to the internet. The other network adapter (10.0.0.1) was attached to the intranet. I was using NAT for internet sharing amongst all computers and all was fine.
2. During the course of the ISA 2004 installation the NAT and Internet Sharing service was stopped as required.
3. After the ISA 2004 installation, the PCs on the intranet (10.0.0.5, 10.0.0.10 etc.) are not able to share the internet connection. In fact I am even unable to ping from these PCs to 10.0.0.1 (the server).
4. From the Windows Server (192.168.1.2), I am able to get limited connectivity to the Internet - basically Microsoft sites that are included in the 'system policy' page.
5. Can you please suggest the best network topology for this system and how I should configure the networks and network rules.
Thanks in advance. Sunil Tadepalli
Hi. I have three subnets, roughly the same scenario as Tom's article. I have followed the instructions in which static routes are added to the Windows routing table for the local subnets, and I have also added the Windows routing table to the local address table for the Internal network. The problem is, my ISA 2004 box still considers my other internal subnets (besides the one that is on the internal NIC of the ISA 2004 box) as an unsecured network. Any help would be greatly appreciated, thanks.
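The symptom in the post above (a routed subnet that ISA 2004 still treats as unsecured) usually comes down to the Internal network's address ranges not covering every subnet that is reachable through the internal NIC: ISA classifies traffic by the source address, and any address that falls in no defined network lands in the External network regardless of which NIC it arrived on. The following added example, which is not code from the thread or from ISA Server, is a small offline check that compares the subnets in the routing table against the ranges typed into the Internal network definition, reports which subnets are uncovered, and suggests the merged ranges to enter. All subnets and ranges in it are constructed sample values, not taken from the post.

```python
import ipaddress

# Constructed sample data (not from the post): subnets that the Windows routing
# table on the ISA box knows how to reach via the internal NIC, and the address
# ranges that were actually entered into ISA's "Internal" network definition.
ROUTING_TABLE_SUBNETS = [
    "10.0.0.0/24",  # subnet directly attached to the ISA internal NIC
    "10.0.1.0/24",  # second internal subnet, reached via a static route
    "10.0.2.0/24",  # third internal subnet, reached via a static route
]

INTERNAL_NETWORK_RANGES = [
    ("10.0.0.0", "10.0.0.255"),  # only the directly attached subnet was added
]


def merge_intervals(ranges):
    """Collapse (first, last) address pairs into sorted, non-overlapping
    integer intervals; adjacent ranges are joined so coverage checks are exact."""
    ivs = sorted(
        (int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)))
        for a, b in ranges
    )
    merged = []
    for lo, hi in ivs:
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def uncovered_subnets(routed, internal_ranges):
    """Return the routed subnets that are not fully inside the Internal ranges.
    Hosts on these subnets will be classified as External by ISA."""
    merged = merge_intervals(internal_ranges)
    missing = []
    for cidr in routed:
        net = ipaddress.IPv4Network(cidr)
        lo, hi = int(net.network_address), int(net.broadcast_address)
        if not any(a <= lo and hi <= b for a, b in merged):
            missing.append(cidr)
    return missing


def classify_source(ip, internal_ranges):
    """Mimic ISA's address-based classification for a single source host:
    inside a defined Internal range -> "Internal", otherwise -> "External"."""
    addr = int(ipaddress.IPv4Address(ip))
    for lo, hi in merge_intervals(internal_ranges):
        if lo <= addr <= hi:
            return "Internal"
    return "External"


def suggested_ranges(routed):
    """Merge the routed subnets into the (first, last) pairs you would enter
    into the Internal network's address list so every subnet is covered."""
    pairs = [
        (str(ipaddress.IPv4Network(c).network_address),
         str(ipaddress.IPv4Network(c).broadcast_address))
        for c in routed
    ]
    return [
        (str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi)))
        for lo, hi in merge_intervals(pairs)
    ]


if __name__ == "__main__":
    missing = uncovered_subnets(ROUTING_TABLE_SUBNETS, INTERNAL_NETWORK_RANGES)
    print("Routed subnets missing from the Internal network:", missing)
    for host in ("10.0.0.5", "10.0.1.5"):
        print(host, "is classified as", classify_source(host, INTERNAL_NETWORK_RANGES))
    print("Ranges to enter for the Internal network:",
          suggested_ranges(ROUTING_TABLE_SUBNETS))
```

With the sample data, 10.0.1.0/24 and 10.0.2.0/24 are reported as missing and a host such as 10.0.1.5 is classified as External, which is exactly the "unsecured network" behaviour described in the post; once the suggested range 10.0.0.0 to 10.0.2.255 is entered, the check returns no missing subnets. The gateway subnet on the external NIC must of course stay out of the Internal ranges.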