Discussion about ISA firewall Networks

Discussion about ISA firewall Networks - 7.Dec.2004 11:50:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the article on creating and configuring ISA firewall Networks at http://isaserver.org/articles/2004isanetworks.html

Thanks!
Tom

[ December 08, 2004, 12:00 AM: Message edited by: tshinder ]
Post #: 1
RE: Discussion about ISA firewall Networks - 13.Dec.2004 10:50:00 AM   
turbomcp

 

Posts: 36
Joined: 13.Nov.2002
Status: offline
Great article.
Misconfiguring networks is the no. 1 problem right now, with all its outcomes (anti-spoofing, routing...).

(in reply to tshinder)
Post #: 2
RE: Discussion about ISA firewall Networks - 13.Dec.2004 12:23:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Turbo,

Thanks! [Big Grin]

Tom

(in reply to tshinder)
Post #: 3
RE: Discussion about ISA firewall Networks - 14.Dec.2004 1:11:00 AM   
neteng

 

Posts: 18
Joined: 18.Nov.2004
Status: offline
Good article, but I have yet to find an answer to being able to allow internal access to the FBA. Looping back through the ISA server isn't very practical. I would rather let my Exchange FE handle the FBA for both internal and external instead of looping back through the firewall. Is this considered a bad implementation, and how much security do I lose?

thanks
love the site

(in reply to tshinder)
Post #: 4
RE: Discussion about ISA firewall Networks - 14.Dec.2004 12:16:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Neteng,

You lose a bit of security for your remote access connections, but you avoid looping back through the ISA firewall for internal clients. If you have a very busy Exchange Server with hundreds of OWA connections all the time, then I would definitely avoid the loop back -- if your OWA server only has a few dozen OWA connections at a time, then you should be able to handle the performance hit for the "loop backers" who need to use the ISA firewall's FBA.

HTH,
Tom

(in reply to tshinder)
Post #: 5
RE: Discussion about ISA firewall Networks - 14.Dec.2004 5:05:00 PM   
neteng

 

Posts: 18
Joined: 18.Nov.2004
Status: offline
Well, I have a very busy Exchange server, so I guess I will be passing authentication through to the ISA.
I may end up with another server for internal and one for external/ISA. Then I will put FBA back on ISA. Thanks for the info.
I should be getting your book today in the mail.
Look forward to the reading.

(in reply to tshinder)
Post #: 6
RE: Discussion about ISA firewall Networks - 23.Dec.2004 11:59:00 PM   
jbrown04

 

Posts: 8
Joined: 23.Dec.2004
Status: offline
Hello -

In your article you mention configuring the routing table on the ISA firewall for the internal subnets 192.168.2.0/24 and 192.168.3.0/24 since they are not directly connected. Can this be done with the 'Route add <subnet> mask <netmask> <gateway> metric <metric> if <interface>' command or does RRAS need to be turned on and configured on the ISA box? I am having trouble with Internal networks communicating on different subnets.

Thanks.

James

(in reply to tshinder)
Post #: 7
RE: Discussion about ISA firewall Networks - 24.Dec.2004 3:55:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by neteng:
Well, I have a very busy Exchange server, so I guess I will be passing authentication through to the ISA.
I may end up with another server for internal and one for external/ISA. Then I will put FBA back on ISA. Thanks for the info.
I should be getting your book today in the mail.
Look forward to the reading.

Hi NetEng,

Great! Let me know if you have any questions on what you read in the book.

Thanks!
Tom

(in reply to tshinder)
Post #: 8
RE: Discussion about ISA firewall Networks - 4.Jan.2005 6:06:00 PM   
dball@mapsnet.org

 

Posts: 10
Joined: 29.Nov.2004
From: Marquette, MI
Status: offline
Hello, I recently rebuilt our server to use ISA2004, but have been running into many difficulties so far. The setup I had tried to create is like this:

External->Internet
Internal->NIC1-> 10.20.x.x subnets
Internal->NIC2-> 10.6.x.x subnets

I can get the two Internal networks to work just fine talking to each other, but only the subnets on NIC1 can reach the Internet. I've tried all sorts of combinations, but haven't found any way to reach the outside world from half of our network. I first created NIC2 as a separate network with associated network rules, but that didn't seem to work, so I added it to the internal network configuration, but that didn't work either.

It seems like some sort of routing problem, where any packet destined for an external address from the 10.6.x.x network just seems to disappear...

Any help you can give will be greatly appreciated!

(in reply to tshinder)
Post #: 9
RE: Discussion about ISA firewall Networks - 5.Jan.2005 2:36:00 PM   
ggraham2

 

Posts: 5
Joined: 2.Jul.2004
From: New York
Status: offline
I am tired of banging my head against the wall. [Confused] It hurts now. I need assistance.
I have followed your settings in the article, but I am not sure how to configure the Access Point Router settings to work with the DMZ network card on my firewall. I'm not sure what settings I should input for the router. Any help would be greatly appreciated.

Network Layout:
Cable Modem - ISA Server 2004 with 3 NIC cards
1. External NIC Plugs into the modem
2. Internal NIC plugs into a 10/100 switch
3. DMZ NIC plugs into USR8054 10/100 hub wan port.

ISA Perimeter Settings:
Selected DMZ card with address range 192.168.123.0 - 192.168.123.255
Network rule is set for NAT from WLAN (source) to External (destination)

Here are my network card settings on my ISA 2004 Firewall Running on Windows 2003 Enterprise Server:

External
DHCP Enabled
IP Address: 24.x.x.x
Subnet Mask: 255.255.254.0
Default Gateway: 24.215.130.1
DHCP Server: 10.48.32.1
DNS Servers: 207.69.188.185, 207.69.188.186, 207.69.188.187

Internal
IP Address: 10.y.y.y
Subnet Mask: 255.0.0.0
Default Gateway: 0.0.0.0
DNS Servers: 10.y.y.y

DMZ: (WLAN)
IP Address: 192.168.123.99
Subnet Mask: 255.255.255.0
Default Gateway: 0.0.0.0

US Robotics 8054 Wireless Router and Access Point
LAN Settings:
IP Address: 192.168.123.254
Subnet Mask: 255.255.255.0
DHCP scope: 192.168.123.100 105

WAN Setting: Internal (not sure what settings to use here)
DHCP Enabled
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
DNS Servers: 0.0.0.0

(in reply to tshinder)
Post #: 10
RE: Discussion about ISA firewall Networks - 24.Jan.2005 12:43:00 PM   
kelvin_perez

 

Posts: 3
Joined: 24.Jan.2005
Status: offline
Hi:

After configuring the ISA Firewall (ISA 2000), we now have a conflict with the Firewall Service when we enable the Server Publishing Rules for INBOUND/OUTBOUND for Transfer Zone (from the external IP to the internal IP) and the DNS Service. At first it was working fine, but now they cannot work together.

If I enable the Publishing Rules:
1) If I start the Firewall Service first, the DNS service gives me an error (Event ID: 2012) because UDP port 53 is being used by another application.
2) If I start the DNS first, it runs O.K., but the Firewall Service gives me errors (can't remember the Event ID No. right now).

If I disable the Publishing Rules:
the DNS service runs fine but I don't have access to OWA.

I also lost our VPN access.

Any suggestions? I will greatly appreciate any feedback.
[Confused]

(in reply to tshinder)
Post #: 11
