tsingh, Junior Member (Member # 1496), posted July 19, 2003 04:33 AM
_____

ISAS2000 Configuration Guideline

This config is what I used to ready a backup ISA server in case of disaster. Thought it would be worthwhile sharing ....

Windows 2000 server with sp3+ (not sp4)
join domain
create c:\systemlogs\rras, \isa\webproxy, \isa\firewall, \isa\packetfilters
configure interfaces south and north
fake south ip and correct public ips
LAT better be right.
install windows 2000 support tools (.ocx required for Import/Export tool)
install pstools

install isa server and configure basic info
change logging locations
change intra array address
add LDT - *.yourlocaldomail.com
change HTTP Redirector filter option to send direct to website if local proxy is not available
disable h.323 application filter
create one server or web publishing rule to test isa as well

run the vpn wizard and restart to complete rras startup
configure rras settings
ensure that north/south interface have correct primary ips
change dhcp settings to static pool of 150.64.12.61 - 150.64.12.80 (20 ips)
also change ras adapter to South to search for dhcp servers
change logging locations as above
delete default dial-in policy
add ISA Dial In Users policy as follows
  conditions - windowsgroup - ISA Dial In Users
  encryption changes to strong and strongest
  idle disconnect set to 120mins and total time to 600mins
test vpn access for yourself
test web/server publishing rules as well

GHOST THIS IMAGE WHEN WORKING WELL.

isa configuration - complete
apply SP1, FP1
apply HF176 - for shoutcast streaming fault (mem leak) - this was a problem I had
apply HF260 - for FTP PASV connections dropping (uses multiple ext IPs for connections) - this was a problem I had
change Incoming Web Requests - add all webfacing IPs on the external interface (80/443)
export the latest settings from isa server to .isa files - www.isatools.org
note: protocol rules and site/content rules need "machine-specific settings" checked
import in the following order
  content groups
  custom protocol definitions
  client address sets
  destination sets
  schedules
  ip packet filters
  protocol rules - (needs machine-specific properties set)
  site and content rules - (needs machine-specific properties set)
add all web publishing rules manually from isainfo.txt file
run the secure mail wizard and publish smtp in, smtp out, pop3 services
enable alerts for startup, shutdown, initialization failure, no response and misconfig
create weekly (6pm) and daily (8pm) reports
run the ISAInfo.vbs file to compile ISA system profile

GHOST THIS IMAGE WHEN WORKING WELL.

Right. So, to bring this bad boy live, first change the local or South IP address to the same as the live server, and switch the server network cables (North and South) and restart the backup (to be live) server.

Note that the IntraArrayAddress problem must be solved as mentioned on (if you have this stupid problem). Look it up..

Also, to manage this bad boy remotely, you need to do this ...
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=006984

CHEERS,
TSINGH.

[ July 19, 2003, 04:38 AM: Message edited by: tsingh ]
_____
Posts: 17 | From: Toronto, On, Canada | Registered: Jun 2001

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp