Re: ISA Server DMZ Scenarios,DNS for ISA Server

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 19 Dec 2001 07:06:11 -0800

You can operate ISA behind other firewalls; just make sure that ISA
understands how to use them to reach the Internet (routing rules, etc.)
As far as IP assignment, just make sure that the internal and external
interfaces don't share the same subnet.  Much frustration to be had if you
do.
You don't need AD just to host DNS.
By the same token, AD doesn't work without DNS.
On the third hand, AD on an ISA is a very weak security model.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: "Souko souko" <ssouko@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 19, 2001 06:15
Subject: [isalist] ISA Server DMZ Scenarios,DNS for ISA Server


http://www.ISAserver.org


Hi,

Really good work on Isaserver.org, Congrats.
I was reading your articles because I'm facing exactly the same scenario.
I've got a Firewall 1 already installed in a Three Homed configuration with
real IP's for the DMZ servers (WEB...). I need to go to back to back with
real IP's (don't want to lose the granted IP's) with ISA as the internal
firewall. I'm going to publish the internal SQl so that the IIS in the DMZ
can see it. Do you see any problems having ISA -> DMZ -> FW 1 ? I'm thinking
of giving the existing internal IP of FW1 to ISA so I won't need to
reconfigure the internal clients. Is there something to fear ;-) or look out
for?

Finally (Please excuse me if this a newbie question)
There aren't any internal DNS servers. DNS is external. Can ISA perform any
DNS caching? Is it preferable - possible to have ISA configured as a PDC in
its own domain to resolve DNS?

P.S. Thanks to all for the replies on my previous post. I've got my sleep
after all, so because I keep my word if anybody visits Greece I'm buying the
Beers!



Thanks in advance.

_________________________________________________________________
Join the world's largest e-mail service with MSN Hotmail.
http://www.hotmail.com


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 12-2001