I am learning Exchange Server on my home network. I'd like to use ISA to provide firewall protection to my network. So, I envision having my external Internet connection come into NIC 1 of my ISA computer and then have my internal NIC 2 attach to my LinkSys 4 port router, with our 2 desktops and 2 laptops connecting through the router.
The box I am running ISA on will also have Exchange 2000 running on it. I'd like to expose this box to the internet because my router makes Outlook Web Access connectivity very difficult. My intent is to use ISA to protect this computer.
I would like to be able to use the Firewall Client because I want to be able to do user-based and group-based security. However, what confuses me is that in Shinder's book, "Configuring ISA Server 2000," the network topography I described above seems associated with SecureNAT rather than the firewall client (e.g. Figure 4.2 on pg 212 is closest to my planned configuration except I don't plan on a DMZ as a separate DMZ'ed network segment).
So, my question is this: Can I use this planned network layout with the Firewall Client? If so, what other issues do I need to be aware of?
Pg 212 shows a trihomed DMZ, which is not what you want.
Since you have a simple network, you don't need a router. Just plug the internal interface of the ISA Server to a hub or switch, and plug all the machines to the hub/switch.
You don't mention what you're using as an external interface, but it shouldn't be anywhere near the hub/switch you're using on the internal network. The internal and external networks must be physically disconnected so that the only way between them is through the ISA Server.