[isalist] Re: Simple question

  • From: "Steven Comeau" <scomeau@xxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 15 Sep 2008 11:54:57 -0400

In one instance, I connect my cable modem directly to my ISA server on a
dedicated External NIC (DHCP).  I use the wireless router on the same
subnet as the clients (different NIC), however, I use MAC address
filtering.  In a larger scenario, for wireless authentication, I play
with a variation of DNS Redirector on a dedicated subnet (separate NIC)
on the ISA server.

 

Steve Comeau
IT Manager
Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com <http://www.scarletknights.com>

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Joe Pochedley
Sent: Monday, September 15, 2008 11:49 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Simple question

 

With a setup the way you're talking (the Dlink between the modem and
ISA), your wireless clients will bypass ISA.  Is this what you want?  

 

Since you're putting in ISA, I'm guessing you don't want any clients
bypassing ISA (or else, why even bother, right?)...   Hence, I'd
recommend bringing the dlink inside the ISA and strictly use it as a
wireless access point instead of a router.  If you wanted to get really
fancy, you could segregate the wireless users off a third leg of ISA
(with a third NIC in the ISA box) and maintain better security with
them...  But I digress... :)

 

ISAServer.org has a tutorial for setting up ISA with a cable modem and
dynamic addresses.

 

http://www.isaserver.org/tutorials/How_to_Set_up_an_ISA_Server_with_a_Cable_Modem_Connection.html

 

HTH

 

Joe P

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Justin Martin
Sent: Monday, September 15, 2008 11:06 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Simple question

 

There is a cable modem. The router is also being used for wireless
clients. Does it matter if there is no Static external IP address?


Thanks

________________________________

> From: joepochedley@xxxxxxxxx
> To: isalist@xxxxxxxxxxxxx
> Date: Mon, 15 Sep 2008 10:56:18 -0400
> Subject: [isalist] Re: Simple question
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> What is on the other side of the Dlink router? Do you have a separate
> DSL/Cable modem upstream?
> 
> If you do have a separate DSL/Cable modem, why not just remove the
> Dlink router from the equation altogether? Hook the DSL/Cable modem
> direct to the ISA server. Then you won't need to run a back-to-back NAT
> scenario.
> 
> Joe P
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Monday, September 15, 2008 10:44 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Simple question
> 
> 
> (keeping the list engaged; no private data yet)
> 
> Your subnet changes are spot-on. The actual subnet ID is unimportant
> (you could just as easily use 10.10.10/24 if you wanted) as long as
> they're different for each ISA NIC.
> You should place ISA between your internal network and the "router".
> This way, there is no question whether ISA controls traffic across
> your network edge.
> 
> Jim
> 
> -----Original Message-----
> From: Justin Martin [mailto:martinjustin@xxxxxxxxxxx]
> Sent: Monday, September 15, 2008 7:41 AM
> To: Jim Harrison
> Subject: FW: [isalist] Re: Simple question
> 
> 
> It would be used for dial-in VPN, web proxy, as well as the firewall
> and port forwarding etc. The ISA box is configured with two NICs.
> 
> You have me a little confused though with changing the router
> subnet??? Should I change the router to use something like 172.16.1.1
> and use one of the NICs in the ISA box configured as 172.16.1.10 and
> have the other NIC configured as 192.168.1.x for the internal side?
> 
> Should I be putting the ISA box on the DMZ of the router?
> 
> Thanks very much.
> 
> 
> 
> ________________________________
> 
> From: Jim@xxxxxxxxxxxx
> To: isalist@xxxxxxxxxxxxx
> Date: Mon, 15 Sep 2008 07:28:53 -0700
> Subject: [isalist] Re: Simple question
> 
> 
> 
> That depends; what do you want from ISA?
> 
> - Web proxy
> 
> - * Winsock proxy
> 
> - * SOCKS proxy
> 
> - * Server-publishing (SMTP, IMAP, POP3)
> 
> - Web-publishing (Exchange, MOSS, etc.)
> 
> - * Site-to-site VPN
> 
> - Dial-in VPN
> 
> Anything marked with a "*" is unavailable if you decide to deploy ISA
> in single-network mode.
> 
> If you can change the "router" subnet, that's the simplest task.
> 
> You'll then use the 192.168.255 as the ISA internal network.
> 
> This way, you don't have to re-IP your whole network.
> 
> 
> 
> Jim
> 
> 
> 
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Justin Martin
> Sent: Monday, September 15, 2008 7:16 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Simple question
> 
> 
> 
> OK, so I am somewhat new to ISA and was wondering if someone can make
> some suggestions.
> 
> The setup in question is this.
> 
> The user is currently using 192.168.255.x / 255.255.255.0 for the
> internal network.
> The DNS server is 192.168.255.10
> The router (Dlink) is configured as 192.168.255.1 and acts as the
> gateway for all machines. The router is not configured to use a DMZ and
> incoming traffic is using the NAT. They do not have a static IP on the
> internet side.
> 
> 
> When placing the ISA box into the network, should the IP address scheme
> change? Or can it simply be added to the domain and used in the same
> range?
> 
> Should I just put the ISA box on the DMZ and let it take care of all
> of the traffic inbound via rules?
> 
> 
> Any thoughts or suggestions would be appreciated.
> 
