[isalist] Re: Simple question

http://www.ISAserver.org
-------------------------------------------------------

What is on the other side of the Dlink router? Do you have a separate DSL/Cable 
modem upstream?

If you do have a separate DSL/Cable modem, why not just remove the Dlink router 
from the equation all-together?  Hook the DSL/Cable modem direct to the ISA 
server.  Then you won't need to run a back-to-back NAT scenario.

Joe P

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Monday, September 15, 2008 10:44 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Simple question

http://www.ISAserver.org
-------------------------------------------------------

(keeping the list engaged; no private data yet)

Your subnet changes are spot-on.  The actual subnet ID is unimportant (you 
could just as easily use 10.10.10/24 if you wanted) as long as they're 
different for each ISA NIC.
You should place ISA between your internal network and the "router".
This way, there is no question whether ISA controls traffic across your network 
edge.

Jim

-----Original Message-----
From: Justin Martin [mailto:martinjustin@xxxxxxxxxxx]
Sent: Monday, September 15, 2008 7:41 AM
To: Jim Harrison
Subject: FW: [isalist] Re: Simple question


It would be used for Dial-in vpn, web proxy, as well as the firewall and port 
forwarding etc. The ISA box is configured with two nics.

You have me a little confused though with changing the router subnet??? Should 
i change the router to use something like 172.16.1.1 and use one of the nic's 
in the isa box configured as 172.16.1.10 and have the other nic configured as 
192.168.1.x for the internal side?

Should i be putting the ISA box on the DMZ of the router?

Thanks very much.



________________________________

From: Jim@xxxxxxxxxxxx
To: isalist@xxxxxxxxxxxxx
Date: Mon, 15 Sep 2008 07:28:53 -0700
Subject: [isalist] Re: Simple question



That depends; what do you want from ISA?

-        Web proxy

-        * Winsock proxy

-        * SOCKS proxy

-        * Server-publishing (SMTP, IMAP, POP3)

-        Web-publishing (Exchange, MOSS, etc.)

-        * Site-to-site VPN

-        Dial-in VPN

Anything marked with a "*" is unavailable id you decide to deploy ISA in 
single-network mode.

If you can change the "router" subnet, that's the simplest task.

You'll then use the 192.168.255 as the ISA internal network.

This way, you don't have to re-IP your whole network.



Jim



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Justin Martin
Sent: Monday, September 15, 2008 7:16 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Simple question



Ok so i am somewhat new to ISA and was wondering if someone can make some 
suggestions.

The setup in question is this.

The user is currently using 192.168.255.x / 255.255.255.0 for the internal 
network.
The dns server is 192.168.255.10
The router (dlink) is configured as 192.168.255.1 and acts as the gateway for 
all machines. The router is not configured to use a DMZ and incoming traffic is 
using the NAT. They do not have a static ip on the internet side.


When placing the ISA box into the network should the ip address scheme change? 
or can it simply be added to the domain and used in the same range?

Should I just put the ISA box on the DMZ and let it take care of all of the 
traffic inbound via rules?


Any thoughts or suggestions would be appreciated.

------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: