RE: ISA-/DNS Query-Please Advice
- From: hodakara kara <hatem20102011@xxxxxxxxx>
- To: "\[ISAserver.org Discussion List\]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 13 Aug 2005 04:48:51 -0700 (PDT)
its small firewall
Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:http://www.ISAserver.org
What is "WinProxy"?
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
---------------------------------
From: hodakara kara [mailto:hatem20102011@xxxxxxxxx]
Sent: Saturday, August 13, 2005 5:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA-/DNS Query-Please Advice
http://www.ISAserver.org Dear all,
My network consist of the follwoing enviroment - with WinProxy as Firewall- :-
1. Domain Controller,with DNS on it ,, with the following Settings on the
IP :-
IP:- 90.0.0.10
SM: 255.255.255.0
GW: 90.0.0.20 --------------------------> this is the internal IP of
WinProxy Interface.
DNS: 90.0.0.10 --------------------------> it register it self in the current
DNS - internal DNS-
2. 30 users, Windows XP-Pro, SP2 on it and they configured to register there
self in the DNS which is ( 90.0.0.10 ), and GW which is ( 90.0.0.20), i mean
all the users have this DNS ( 90.0.0.10), and have this Default Gateway (
90.0.0.20).
3. The internal DNS server configured to forward all the quires to the
internal IP-Address of WinProxy which is ( 90.0.0.20), inorder to be able to
browse internet names and able to reslove the external domains as well.
4. One Firewall which is WinProxy, not under our doamin, which have 2 NIC with
the following informations:-
First Nic on WinProxy:-
===================
IP : 90.0.0.20
SM : 255.255.255.0
GW : N/A
DNS : N/A
Second Nic on WinProxy which is connected to Router, and then the router
connect to VSAT:-
================================
IP : 213.255.237.106
SM : 255.255.255.248
GW : 213.255.237.105
DNS : 213.255.237.8
213.255.237.9
and we are behind firewall, even we configure the Outlook to use the IP-
Address of the internal WinProxy interface as POP3 & SMTP.
and on the WinProxy, we configured the SMTP& POP3 with the real IP-Address.
=====================================================================
Now we are going to install ISA server 2000.
i want to know if this steps which i am going to do is correct or not .
1. i will bring new server for ISA, with 2 Nic.
2. install Win Server on it .
3. Give the internal interface of the ISA this IP ( 90.0.0.10), and this DNS (
90.0.0.10), without Gateway on it .
4. install DNS server on ISA.
5.Configure the DNS to lisiten only on the Internal Interface - not external.
6.Create the Forward lookup Zone and Reverse Lookup Zone.
7.Make the Local DNS forward the query to the external DNS of the ISP.
8. install the domain controller on the other machine and let it to register it
self on the Internal IP of ISA. and put the gateway also for that .
9. let all the user register them self in the the current DNS.
10. Configure the users normally.
11. make sure that the server & the Clients able to browse and see the internt.
=================================================================
second Part , install the DNS server on the ISA server it self and we will
start working on it .
So my question is :-
1. is there any thing wrong in this configuration, from installing DNS server
on the ISA server and let all the users register them self in the DNS which is
located on the ISA, and configured the ISA server to forward the quires to the
external DNS of the ISP ? if there is any Problem, do you receommend any other
solution . ?
2. After i install on each client the Firewall Client software which is come
from ISA server , is there any traffic i should allow for the inbound /
outbound for the DNS to go from ISA server to the external DNS server of the
ISP, so is there any Protocol Rule or Packet filter should i do it , in order
to let the traffic go out from my ISA server to the external DNS, and to inter
from the external DNS to my ISA server ?
Please Help in this situation , as soon as possible .
--
thanks
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com ------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Visit TechGenix.com for
more information about our other sites: http://www.techgenix.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to
listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
hatem20102011@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
---------------------------------
Start your day with Yahoo! - make it your home page
Other related posts:
