Gene,
1- There is two kind of DSL service from the ISP to broad band router in your case; The first is that the DSL router has a dynamic IP from the ISP and all network behind will be also dynamic from that range... the Seconed is that the DSL router has a dynamic IP from the ISP but the inside interface (( as ALl DSL router has at least two interfaces ; one to the telecom company, and the other is RJ 45 to your entire network )) ; I say that the inside interface should have a static IP from a different subnet or even different IP class, and there will be a entire nating mechanism between the two interface inside the router....
Anyway, easily... your network has a default gateway , right? let's say it is (( acording to your diagram )) 10.11.1.1/24.. ok? this Ip should be on the inside interface of the DSL router...
So, in order to not damage your entire network and rebuild it's IP schema again, , simply login to the DSL router and change the entire interface IP to 192.168.1.1...... as example
Then give the outside interface of the ISA server IP from that range, let's say .. 192.168.1.20
and the inside interface of the ISA server ofcourse should be 10.11.1.1 as it will be the gateway of all your network....
2- about the rules and how you can do it, I think somewhere in ISA you will find a link to make a rule.. it's simple as it will be a wizard...
it was simple in ISA 2000 and getting easier in 2004...
I think you can do all configuration by wizard in 2004 , even the routing... so I think it will be much easier with ISA 2006.......
but about the rule configuration, I extports some configuration from my ISA and save it as Excel Sheets..
It's attached here , so review it and hope it help you
From: Gene Sibbs <gen_sib@xxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SME LAN and ISA
Date: Sun, 21 May 2006 10:41:28 -0700 (PDT)
Thanks a stack Egyptian Mind, I am busy acid testing the solution you're proposing. I will let you know how it holds.If you may; I will be happy if you can expand a bit for me bulletin 5 and 6...it is a little bit unclear?5. ISP is DHCP pushing IP addresses down my ADSL router throat. How may I go about assigning IP address to the Outside interface?6. shed light a bit by means of showing me an example?Thanks once again for the proposed solution..Kindest regards,Gene Sibbs
Egyptian Mind <innocent_angel_eng@xxxxxxxxxxx> wrote:http://www.ISAserver.org ------------------------------------------------------------------------------------------------------------- List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx
1- install the ISA server after the adsl router and before the switch.2- put two interface cards in the server3- attach one interface with the adsl router ( outside ) and the other to the unmanged switch ( inside )4- assign an IP from your local lan to the inside interface5- assign any IP of the range that given from the ISP ( after the router nat ) to the ouside interface6- make ur own rules on the ISA serverBASIC SME NETWork SETUPInternet Cloud
|
|
|
|
ADSL (AZTECH ETHERNET USB) Broadband Router
DHCP
| _____________________________
| | |
|___outside interface ( 10.11.1.1/24) | ISA Server
___insdie interface ( 192.168.1.1/24 ) |
| |_____________________________|
|
|______________________
LoCAL AREA NETWORK (Unmanaged Switch)
LAN IP Address 192.168.1.0/24______________________________
SBS2003-BOX (HP DL3*) LINUX-Box (HP DL3*)
AD OpenSource Helpdesk System
DHCP OpenSource Network Monitoring(nagios, nmis)
DNS SMS Pager
Intranet AV(clamWin Free AV)
Accounting
MAILs (Pulled from ISP thru pop3 connector)
CRM
WSUS
AV (clamWin Free AV + AVG)!~` Yesterday is a History` ~!!~` Tomorrow is a Mystery` ~!!~` Today is a Gift` ~!!~` So we call it ...............` ~!!~` Present .......Simple` ~!Mob : +966 50 2953591
From: Gene Sibbs <gen_sib@xxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] SME LAN and ISA
Date: Sun, 21 May 2006 02:25:59 -0700 (PDT)
Greetings,I have attached a basic LAN setup diagram and I would like to pick your brains as far as the security is concerned.My objective is that the In/Outbound traffic must pass thru ISA boxBase on the attached design I feel that the security is lacking. I have downloaded ISA 2006 BETA version...and I want to introduce ISA Server as a member of the family to beef-up security.How can I make ISA Server 2006 beta play with this basic design, bearing in mind that I don't have a static IP address from my ISP. My ADSL is dhcp obtaining the IP address from ISP.I want to run ISA2006 on a separate box completely.With many thanks!Gene Sibbs
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.
Feel free to call! Free PC-to-PC calls. Low rates on PC-to-Phone. Get Yahoo! Messenger with Voice
>BASIC SME NETWork SETUP
>
>Internet Cloud
> |
> |
> |
> |
>ADSL (AZTECH ETHERNET USB) Broadband Router
> DHCP
> |
> |
> |
>________|______________________
>LoCAL AREA NETWORK (Unmanaged Switch)
>LAN IP Address 10.11.1.0/24
>
>______________________________
>
>SBS2003-BOX (HP DL3*) LINUX-Box (HP DL3*)
>
>AD OpenSource Helpdesk System
>DHCP OpenSource Network Monitoring(nagios, nmis)
>DNS SMS Pager
>Intranet AV(clamWin Free AV)
>Accounting
>MAILs (Pulled from ISP thru pop3 connector)
>CRM
>WSUS
>AV (clamWin Free AV + AVG)
>______________________________
>
>Security is an issue here...
>
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.