Suggestion for setup and backup
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 22 Jul 2003 21:10:20 -0500
tsingh
Junior Member
Member # 1496
Rate Member
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00001496>
posted July 19, 2003 04:33 AM
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00001496>
<http://forums.isaserver.org/ultimatebb.cgi?ubb=private_message;u=000014
96>
<http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=1;t=002364;r
eply_num=000000;u=00001496>
<http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=1;t=002364;reply
to=000000>
_____
ISAS2000 Configuration Guideline
This config is what I used to ready a backup ISA server in case of
disaster. Thought it would be worthwhile sharing ....
Windows 2000 server with sp3+ (not sp4)
join domain
create c:\systemlogs\rras, \isa\webproxy, \isa\firewall,
\isa\packetfilters
configure interfaces south and north
fake south ip and correct public ips
LAT better be right.
install windows 2000 support tools (.ocx
required for Import/Export tool)
install pstools
install isa server and configure basic info
change logging locations
change intra array address
add LDT - *.yourlocaldomail.com
change HTTP Redirector filter option to send direct to website if local
proxy is not available
disable h.323 application filter
create one server or web publishing rule to test isa as well
run the vpn wizard and restart to complete rras startup
configure rras settings
ensure that north/south interface have correct primary ips
change dhcp settings to static pool of 150.64.12.61 - 150.64.12.80 (20
ips)
also change ras adapter to South to search for dhcp servers
change logging locations as above
delete default dial-in policy
add ISA Dial In Users policy as follows
conditions - windowsgroup - ISA Dial In Users
encryption changes to strong and strongest
idle disconnect set to 120mins and total time to 600mins
test vpn access for yourself
test web/server publishing rules as well
GHOST THIS IMAGE WHEN WORKING WELL.
isa configuration - complete
apply SP1, FP1
apply HF176 - for shoutcast streaming fault (mem leak) - this was a
problem i had
apply HF260 - for FTP PASV connections dropping (uses multiple ext IPs
for connections) - this was a problem i had
change Incoming Web Requests - add all webfacing IPs on the external
interface (80/443)
export the latest settings from isa server to .isa files -
www.isatools.org <http://www.isatools.org/>
note: protocol rules and site/content rules need "machine-specific
settings" checked
import in the following order
content groups
custom protocol definitions
client address sets
destination sets
schedules
ip packet filters
protocol rules - (needs machine-specific properties set)
site and content rules - (needs machine-specific properties set)
add all web publising rules manually from isainfo.txt file
run the secure mail wizard and publish smtp in, smtp out, pop3 services
enable alerts for startup, shutdown, initialization failure, no response
and misconfig
create weekly (6pm) and daily (8pm) reports
run the ISAInfo.vbs file to compile ISA system profile
GHOST THIS IMAGE WHEN WORKING WELL.
Right. So, to bring to bad boy live, first change the local or South IP
address to the same as the live server, and switch the server network
cables (North and South) and restart the backup (to be live) server.
Note that the IntraArryaddress problem must be solved as mentioned on
(if you have this stupid problem). look it up..
also, to manage this bad boy remotely, you need to do this ...
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=006984
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=006984>
CHEERS, TSINGH.
[ July 19, 2003, 04:38 AM: Message edited by: tsingh ]
_____
Posts: 17 | From: Toronto, On, Canada | Registered: Jun 2001 | IP:
Logged
<http://forums.isaserver.org/ultimatebb.cgi?ubb=get_ip;f=1;t=002364;repl
y_num=000000>
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
Other related posts:
- » Suggestion for setup and backup
