RE: ISA Server 2004 Issues

  • From: "vesterby@xxxxxxxx" <vesterby@xxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx, isalist@xxxxxxxxxxxxx
  • Date: Wed, 8 Sep 2004 17:58:26 GMT


In order to get things rolling quickly, I've been asked to just concentrate on 
the proxy server part of ISA and worry about the firewall later.  I have a 
couple more questions, though.

You mentioned the external interface is the one with the gateway.  But if the 
internal interface doesn't have a gateway, how will ISA server know how to get 
to our different subnets?  That was the reason I asked if I need to add routes.

The other thing is my company is insisting that we run some other things on the 
same server as ISA (to save money on servers) and my recommendation to not do 
this has gone unheeded.  They want to run Microsoft SUS and RIS server.  Can 
you give me valid reasons I can present to my management why it isn't a good 
idea to run these on the same server?  Our company has about 350 employees.

Lastly, how can I obtain a copy of the Quick Start guide?  The company I work 
for seems to want to implement ISA server quickly.  Thanks.

-- "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:

Hi John,

Several tips to help you get up and running with the ISA firewall:

1. Install the ISA firewall as a back-end ISA firewall with at least two
NICs. Running the ISA firewall in unihomed single-NIC mode is like
taking three wheels off a Ferrari because it "goes too fast".

2. Don't run Web sites on the ISA firewall. If you have a Checkpoint
Server, but the Web sites on that. Even better, put them on a protected

3. The ISA firewall doesn't use a LAT.

4. Install as many interfaces on the ISA firewall as you like. Just one
is the External interface and that is the one with the default gateway.


Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
MVP -- ISA Firewalls

-----Original Message-----
From: vesterby@xxxxxxxx [mailto:vesterby@xxxxxxxx] 
Sent: Tuesday, September 07, 2004 8:05 PM
To: [ Discussion List]
Subject: [isalist] ISA Server 2004 Issues


I'm new to ISA Server and could use some recommendations regarding some
issues I'm having with installing ISA Server 2004 (Standard Edition).
are currently using an NT domain and plan to migrate to an Active
Directory domain within the next 3 months.  I installed ISA Server 2004
with a single network adapter (caching only), but when I try to access
the server for http access to the Internet, I am prompted for
authentication but when I log in, nothing happens.  It is set up for
integrated authentication.

I think part of the problem (which I'll test tomorrow) is that IIS is
also installed and is listening on port 80 - the same port that I have
ISA Server listening on.  We currently have Proxy Server 2.0, which is
integrated with IIS, so I had installed ISA Server with IIS thinking
it needed it but then realized it didn't.  There are a couple of other
issues too, including:

1) I'm not sure the LAT table is correct - does the caching server even
need the LAT table?  I'm thinking it needs it if I use the firewall (we
have 2 X Nokia Checkpoint firewalls but I had considered using the
firewall feature in ISA to make it a backend firewall for more
 We have a 192.236.x.x/22 network and also a 10.10.1.x/24 network.
2) The server I built has a default gateway but there may be cases with
ISA where I want to take the default gateway out and add static routes.

If you could provide recommendations on the above issues, I'd really
appreciate it.  Thanks.

- John

Get your name as your email address.
Includes spam protection, 1GB storage, no ads and more
Only $1.99/ month - visit today!

Other related posts: