[isalist] Re: Simple question

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 15 Sep 2008 07:44:28 -0700


(keeping the list engaged; no private data yet)

Your subnet changes are spot-on.  The actual subnet ID is unimportant (you 
could just as easily use 10.10.10/24 if you wanted) as long as they're 
different for each ISA NIC.
You should place ISA between your internal network and the "router".
This way, there is no question whether ISA controls traffic across your network 


-----Original Message-----
From: Justin Martin [mailto:martinjustin@xxxxxxxxxxx]
Sent: Monday, September 15, 2008 7:41 AM
To: Jim Harrison
Subject: FW: [isalist] Re: Simple question

It would be used for Dial-in vpn, web proxy, as well as the firewall and port 
forwarding etc. The ISA box is configured with two nics.

You have me a little confused though with changing the router subnet??? Should 
i change the router to use something like and use one of the nic's 
in the isa box configured as and have the other nic configured as 
192.168.1.x for the internal side?

Should i be putting the ISA box on the DMZ of the router?

Thanks very much.


From: Jim@xxxxxxxxxxxx
To: isalist@xxxxxxxxxxxxx
Date: Mon, 15 Sep 2008 07:28:53 -0700
Subject: [isalist] Re: Simple question

That depends; what do you want from ISA?

-        Web proxy

-        * Winsock proxy

-        * SOCKS proxy

-        * Server-publishing (SMTP, IMAP, POP3)

-        Web-publishing (Exchange, MOSS, etc.)

-        * Site-to-site VPN

-        Dial-in VPN

Anything marked with a "*" is unavailable id you decide to deploy ISA in 
single-network mode.

If you can change the "router" subnet, that's the simplest task.

You'll then use the 192.168.255 as the ISA internal network.

This way, you don't have to re-IP your whole network.


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Justin Martin
Sent: Monday, September 15, 2008 7:16 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Simple question

Ok so i am somewhat new to ISA and was wondering if someone can make some 

The setup in question is this.

The user is currently using 192.168.255.x / for the internal 
The dns server is
The router (dlink) is configured as and acts as the gateway for 
all machines. The router is not configured to use a DMZ and incoming traffic is 
using the NAT. They do not have a static ip on the internet side.

When placing the ISA box into the network should the ip address scheme change? 
or can it simply be added to the domain and used in the same range?

Should I just put the ISA box on the DMZ and let it take care of all of the 
traffic inbound via rules?

Any thoughts or suggestions would be appreciated.


Upgrade to Hotmail Plus and share more photos with bigger attachments. Click 
here to find out how Click here to find out how 


Upgrade to Hotmail Plus and share more photos with bigger attachments. Click 
here to find out how Click here to find out how 
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
Visit TechGenix.com for more information about our other sites:
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: