[isalist] Re: Simple question
- From: Joe Pochedley <joepochedley@xxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 15 Sep 2008 11:48:37 -0400
With a setup the way you're talking (the Dlink between the modem and ISA), your
wireless clients will bypass ISA. Is this what you want?
Since you're putting in ISA, I'm guessing you don't want any clients bypassing
ISA (or else, why even bother, right?)... Hence, I'd recommend bringing the
dlink inside the ISA and strictly use it as a wireless access point instead of
a router. If you wanted to get really fancy, you could segregate the wireless
users off a third leg of ISA (with a third NIC in the ISA box) and maintain
better security with them... But I digress... :)
ISAServer.org has a tutorial for setting up ISA with a cable modem and dynamic
addresses.
http://www.isaserver.org/tutorials/How_to_Set_up_an_ISA_Server_with_a_Cable_Modem_Connection.html
HTH
Joe P
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Justin Martin
Sent: Monday, September 15, 2008 11:06 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Simple question
There is a cable modem. The router is also being used for wireless clients.
Does it matter if there is no Static external IP address?
Thanks
________________________________
> From: joepochedley@xxxxxxxxx
> To: isalist@xxxxxxxxxxxxx
> Date: Mon, 15 Sep 2008 10:56:18 -0400
> Subject: [isalist] Re: Simple question
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> What is on the other side of the Dlink router? Do you have a separate
> DSL/Cable modem upstream?
>
> If you do have a separate DSL/Cable modem, why not just remove the Dlink
> router from the equation all-together? Hook the DSL/Cable modem direct to the
> ISA server. Then you won't need to run a back-to-back NAT scenario.
>
> Joe P
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jim Harrison
> Sent: Monday, September 15, 2008 10:44 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Simple question
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> (keeping the list engaged; no private data yet)
>
> Your subnet changes are spot-on. The actual subnet ID is unimportant (you
> could just as easily use 10.10.10/24 if you wanted) as long as they're
> different for each ISA NIC.
> You should place ISA between your internal network and the "router".
> This way, there is no question whether ISA controls traffic across your
> network edge.
>
> Jim
>
> -----Original Message-----
> From: Justin Martin [mailto:martinjustin@xxxxxxxxxxx]
> Sent: Monday, September 15, 2008 7:41 AM
> To: Jim Harrison
> Subject: FW: [isalist] Re: Simple question
>
>
> It would be used for Dial-in vpn, web proxy, as well as the firewall and port
> forwarding etc. The ISA box is configured with two nics.
>
> You have me a little confused though with changing the router subnet???
> Should i change the router to use something like 172.16.1.1 and use one of
> the nic's in the isa box configured as 172.16.1.10 and have the other nic
> configured as 192.168.1.x for the internal side?
>
> Should i be putting the ISA box on the DMZ of the router?
>
> Thanks very much.
>
>
>
> ________________________________
>
> From: Jim@xxxxxxxxxxxx
> To: isalist@xxxxxxxxxxxxx
> Date: Mon, 15 Sep 2008 07:28:53 -0700
> Subject: [isalist] Re: Simple question
>
>
>
> That depends; what do you want from ISA?
>
> - Web proxy
>
> - * Winsock proxy
>
> - * SOCKS proxy
>
> - * Server-publishing (SMTP, IMAP, POP3)
>
> - Web-publishing (Exchange, MOSS, etc.)
>
> - * Site-to-site VPN
>
> - Dial-in VPN
>
> Anything marked with a "*" is unavailable id you decide to deploy ISA in
> single-network mode.
>
> If you can change the "router" subnet, that's the simplest task.
>
> You'll then use the 192.168.255 as the ISA internal network.
>
> This way, you don't have to re-IP your whole network.
>
>
>
> Jim
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Justin Martin
> Sent: Monday, September 15, 2008 7:16 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Simple question
>
>
>
> Ok so i am somewhat new to ISA and was wondering if someone can make some
> suggestions.
>
> The setup in question is this.
>
> The user is currently using 192.168.255.x / 255.255.255.0 for the internal
> network.
> The dns server is 192.168.255.10
> The router (dlink) is configured as 192.168.255.1 and acts as the gateway for
> all machines. The router is not configured to use a DMZ and incoming traffic
> is using the NAT. They do not have a static ip on the internet side.
>
>
> When placing the ISA box into the network should the ip address scheme
> change? or can it simply be added to the domain and used in the same range?
>
> Should I just put the ISA box on the DMZ and let it take care of all of the
> traffic inbound via rules?
>
>
> Any thoughts or suggestions would be appreciated.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
________________________________
Other related posts:
