[isalist] Re: Simple question

  • From: Justin Martin <martinjustin@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 15 Sep 2008 11:03:10 -0400

Ok - thanks.

So i can use the following.

Router 
ip: 172.16.1.1
sm:255.255.0.0

using DMZ on 172.16.1.10

ISA nic#1 
ip: 192.168.1.5
sm:255.255.255.0
gw:
dns:192.168.1.10

ISA nic#2
ip:172.16.1.10
sm:255.255.0.0
gw:172.16.1.1

DHCP on the internal network hands out 192.168.255.100-150 / 255.255.255.0 with 
the dns and gateway options configured - i suppose i need to remove the gateway 
option?

When configuring the internal networks I would just add 192.168.255.x during 
the ISA configuration?

Thanks

> From: Jim@xxxxxxxxxxxx
> To: isalist@xxxxxxxxxxxxx
> Date: Mon, 15 Sep 2008 07:44:28 -0700
> Subject: [isalist] Re: Simple question
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> (keeping the list engaged; no private data yet)
> 
> Your subnet changes are spot-on.  The actual subnet ID is unimportant (you 
> could just as easily use 10.10.10/24 if you wanted) as long as they're 
> different for each ISA NIC.
> You should place ISA between your internal network and the "router".
> This way, there is no question whether ISA controls traffic across your 
> network edge.
> 
> Jim
> 
> -----Original Message-----
> From: Justin Martin [mailto:martinjustin@xxxxxxxxxxx]
> Sent: Monday, September 15, 2008 7:41 AM
> To: Jim Harrison
> Subject: FW: [isalist] Re: Simple question
> 
> 
> It would be used for Dial-in vpn, web proxy, as well as the firewall and port 
> forwarding etc. The ISA box is configured with two nics.
> 
> You have me a little confused though with changing the router subnet??? 
> Should i change the router to use something like 172.16.1.1 and use one of 
> the nic's in the isa box configured as 172.16.1.10 and have the other nic 
> configured as 192.168.1.x for the internal side?
> 
> Should i be putting the ISA box on the DMZ of the router?
> 
> Thanks very much.
> 
> 
> 
> ________________________________
> 
> From: Jim@xxxxxxxxxxxx
> To: isalist@xxxxxxxxxxxxx
> Date: Mon, 15 Sep 2008 07:28:53 -0700
> Subject: [isalist] Re: Simple question
> 
> 
> 
> That depends; what do you want from ISA?
> 
> -        Web proxy
> 
> -        * Winsock proxy
> 
> -        * SOCKS proxy
> 
> -        * Server-publishing (SMTP, IMAP, POP3)
> 
> -        Web-publishing (Exchange, MOSS, etc.)
> 
> -        * Site-to-site VPN
> 
> -        Dial-in VPN
> 
> Anything marked with a "*" is unavailable id you decide to deploy ISA in 
> single-network mode.
> 
> If you can change the "router" subnet, that's the simplest task.
> 
> You'll then use the 192.168.255 as the ISA internal network.
> 
> This way, you don't have to re-IP your whole network.
> 
> 
> 
> Jim
> 
> 
> 
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
> Behalf Of Justin Martin
> Sent: Monday, September 15, 2008 7:16 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Simple question
> 
> 
> 
> Ok so i am somewhat new to ISA and was wondering if someone can make some 
> suggestions.
> 
> The setup in question is this.
> 
> The user is currently using 192.168.255.x / 255.255.255.0 for the internal 
> network.
> The dns server is 192.168.255.10
> The router (dlink) is configured as 192.168.255.1 and acts as the gateway for 
> all machines. The router is not configured to use a DMZ and incoming traffic 
> is using the NAT. They do not have a static ip on the internet side.
> 
> 
> When placing the ISA box into the network should the ip address scheme 
> change? or can it simply be added to the domain and used in the same range?
> 
> Should I just put the ISA box on the DMZ and let it take care of all of the 
> traffic inbound via rules?
> 
> 
> Any thoughts or suggestions would be appreciated.
> 
> ________________________________
> 
> Upgrade to Hotmail Plus and share more photos with bigger attachments. Click 
> here to find out how Click here to find out how 
> <http://get.live.com/en-ca/mailplus/features>
> 
> 
> ________________________________
> 
> Upgrade to Hotmail Plus and share more photos with bigger attachments. Click 
> here to find out how Click here to find out how 
> <http://get.live.com/en-ca/mailplus/features>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 

_________________________________________________________________

Other related posts: