Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion about part 2 of the SBS 2003 SP1 installation article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> RE: Discussion about part 2 of the SBS 2003 SP1 installation article Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 2.Sep.2005 6:44:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Cameron Ye:
I am very interested in the split DNS part. This is new to me since most SBS documents recommend use the different FQDN name for the internal domain name and the external domain name. Now I know that using the same FQDN name as the name for internal domain and external domain is workable but need more configuration on the DNS side. Thank you.
Hi Cameron,

Very good! I'll fry something up this weekend to demonstrate how to setup the split DNS with the same domain name for internal and external DNS zones this holiday weekend. Good to hear there is some interest in this and perhaps a definitive doc will help.

Thanks!
Tom

(in reply to tshinder)
Post #: 21
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 12.Sep.2005 4:13:00 AM   
Licet

 

Posts: 3
Joined: 12.Sep.2005
Status: offline 		How the heck can/could/should I run throgh the Configure E-mail and Internet Connection Wizard if I use a separate ISA 2004 Firewall server???

Thank You

Licet

[Confused]

(in reply to tshinder)
Post #: 22
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 12.Sep.2005 8:54:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Licet,

Are you putting the ISA firewall in front of the SBS computer?

Thanks!
Tom

(in reply to tshinder)
Post #: 23
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 12.Sep.2005 1:16:00 PM   
ababinchak

 

Posts: 195
Joined: 16.Aug.2005
From: Michigan
Status: offline 		Licet,

How did you convince the customer (or yourself) that the extra cost to purchase ISA and the hardware to run it on was going to be of value?

To your question ready the installation instructions and follow along on the 1 nic installation and chose not to enable the firewall, otherwise you'll end up with RRAS on the SBS server.

(in reply to tshinder)
Post #: 24
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 14.Sep.2005 3:05:00 AM   
Licet

 

Posts: 3
Joined: 12.Sep.2005
Status: offline 		Hi again, sorry for taking me some time to report back in!

@Tom: Yes, i am putting the ISA firewall in front of the SBS computer, internal NIC in same LAN as SBS, external NIC is connected to router.

BTW1: Thanks for the great site and assistance here on isaserver.org!

BTW2: Whats the recommended way to solve DNS name resolution in this situation? By now I have a "caching only" outgoing (internet) DNS on the internal NIC of the ISA 2004, which acts as a forwarder and cacher. The internal NIC points to the internal DNS. I dont feel comfortable with this solution [Frown]

@AmyB: Hi, AmyB. Thanks for the tip with the 1 NIC option, this did the job.

The extra cost (in our situation) is minimal, because we had a Compaq DL320 and a WIN23K standard license available. I was able to setup the ISA 2004 on the seperate server by providing the SBS 2003 Prof. license key during ISA 2004 setup (I am not sure if this is backed up by the SBS 2003 Prof license???).

The main advantage is to have a ""real"" firewall in front of our servers and not to have all traffic routed through the sbs 2003 server.

Best regards,
Licet
[Roll Eyes]

(in reply to tshinder)
Post #: 25
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 14.Sep.2005 7:40:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by AmyB:
Licet,

How did you convince the customer (or yourself) that the extra cost to purchase ISA and the hardware to run it on was going to be of value?

To your question ready the installation instructions and follow along on the 1 nic installation and chose not to enable the firewall, otherwise you'll end up with RRAS on the SBS server.
Hi Amy,

Ha! This is interesting, as my thought was to use a back to back configuration, so the dedicated ISA firewall is in front of the dual homed ISA/SBS machine, so that you have an authenticated access DMZ between the front-end ISA firewall and the ISA/SBS computer.

Now you introduce this second scenario, which will make the article even more interesting!

Thanks!
Tom

(in reply to tshinder)
Post #: 26
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 14.Sep.2005 8:52:00 AM   
ababinchak

 

Posts: 195
Joined: 16.Aug.2005
From: Michigan
Status: offline 		Licet, Sounds like you've violated the SBS licensing agreement. The ISA Server software that comes with SBS must be installed on the SBS Server. Ditto for the SQL on that same CD. In your scenario you'll need to purchase another copy of ISA2004.

(in reply to tshinder)
Post #: 27
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 14.Sep.2005 11:27:00 AM   
AndrewK

 

Posts: 9
Joined: 17.Sep.2002
From: Cincinnati, OH
Status: offline 		I seem to be missing something... I just checked my ISA Server Version in the ISA Management MMC and I did NOT get the upgrade to ISA Firewall 2004.

Sorry for the terribly newbie question, but I followed this document from MS to the letter:

SBS Server Update Instructions

At what point does the ISA server receive the upgrade? I can try running through the instructions again, but I have already been through it 2 times.

Running Win SBS 2003 Premium w/ ISA Installed, no SQL install.

Any help would be appreciated!

Andrew K [Eek!]

(in reply to tshinder)
Post #: 28
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 14.Sep.2005 12:35:00 PM   
DAW

 

Posts: 12
Joined: 26.Jul.2005
Status: offline 		Did you order the Premium SP1 CDs from MS. That's the only way, currently, to get the ISA 2004 upgrade that comes with SBS 2003 SP1 Premium.

(in reply to tshinder)
Post #: 29
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 14.Sep.2005 12:42:00 PM   
AndrewK

 

Posts: 9
Joined: 17.Sep.2002
From: Cincinnati, OH
Status: offline 		AHHHHH.. NO. I was Downloading only!

Will order the CD from MS now.

Thank you!

AK

(in reply to tshinder)
Post #: 30
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 11.Nov.2005 6:26:55 PM   
jjthomas

 

Posts: 8
Joined: 11.Nov.2005
Status: offline 		I was reading this article, in addition to the article about Enabling ISA Firewall FBA for OWA Connections for both Internal and External clients.  I inherited a Win2k3 server running ISA Server 2004 that sits in front of our Win2k3 SBS server running Exchange.  I encountered the following comment in this article from Tom:
"In a future article I’ll go through the step by step procedures to make this happen so that you can benefit form the elegant transparency provided by a split DNS infrastructure." 

As I inherited this environment, it would appear as though I need this article.  Any timeline when we might see this, Tom.  ;-) 

I love the site.  It helps folks like me who have not touched ISA Server, especially when we come from large enterprise environments to small business environments. 

Thanks,
Jason

(in reply to AndrewK)
Post #: 31
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 12.Nov.2005 10:01:35 PM   
sam_hunter

 

Posts: 46
Joined: 12.Nov.2005
Status: offline 		If the ISA 2004 is from the SBS license... that firm has violated their SBS eula.

Did they buy another ISA 2004 media/license for that front installation?

(in reply to jjthomas)
Post #: 32
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 17.Nov.2005 9:10:33 PM   
jjthomas

 

Posts: 8
Joined: 11.Nov.2005
Status: offline 		Given that the consultants that performed this installation are Microsoft partners, I am certain that ISA is licensed for the perimeter server. 

(in reply to sam_hunter)
Post #: 33
RE: Discussion about part 2 of the SBS 2003 SP1 install... - 18.Nov.2005 4:55:57 AM   
dpeters

 

Posts: 66
Joined: 7.Jun.2002
Status: offline 		Do you HAVE to run the CEICW ? Can't you just configure things manually like you would with the seperate components ? I just installed SBS 2003 Standard and when the CEICW came up I just whipped out Autoruns from Sysinternals and stopped it from coming up on every reboot. Then I proceeded to set things up as I would a standard 2003 server. Everything worked fine. Is there a difference with SBS Premium ? I need to know the answer ASAP because I'm installing SBS 2003 Premium for a customer in a day.

(in reply to tshinder)
Post #: 34

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> RE: Discussion about part 2 of the SBS 2003 SP1 installation article Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts