Tom, Can it be concluded that SVC pack 4 (on WIN 2k) is not recommended for production ISA server? Or just for a backup system? Thanks. jp -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, July 22, 2003 9:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] Suggestion for setup and backup http://www.ISAserver.org http://www.ISAserver.org BM_000000tsingh Junior Member Member # 1496 <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00001496> Rate Member <http://forums.isaserver.org/ubb/icons/icon1.gif> posted July 19, 2003 04:33 AM <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00001496> Profile for tsingh <http://forums.isaserver.org/ultimatebb.cgi?ubb=private_message;u=00001496> Send New Private Message <http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=1;t=002364;reply _num=000000;u=00001496> Edit/Delete Post <http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=1;t=002364;replyto=0 00000> Reply With Quote _____ ISAS2000 Configuration Guideline This config is what I used to ready a backup ISA server in case of disaster. Thought it would be worthwhile sharing .... Windows 2000 server with sp3+ (not sp4) join domain create c:\systemlogs\rras, \isa\webproxy, \isa\firewall, \isa\packetfilters configure interfaces south and north fake south ip and correct public ips LAT better be right. install windows 2000 support tools (.ocx required for Import/Export tool) install pstools install isa server and configure basic info change logging locations change intra array address add LDT - *.yourlocaldomail.com change HTTP Redirector filter option to send direct to website if local proxy is not available disable h.323 application filter create one server or web publishing rule to test isa as well run the vpn wizard and restart to complete rras startup configure rras settings ensure that north/south interface have correct primary ips change dhcp settings to static pool of 150.64.12.61 - 150.64.12.80 (20 ips) also change ras adapter to South to search for dhcp servers change logging locations as above delete default dial-in policy add ISA Dial In Users policy as follows conditions - windowsgroup - ISA Dial In Users encryption changes to strong and strongest idle disconnect set to 120mins and total time to 600mins test vpn access for yourself test web/server publishing rules as well GHOST THIS IMAGE WHEN WORKING WELL. isa configuration - complete apply SP1, FP1 apply HF176 - for shoutcast streaming fault (mem leak) - this was a problem i had apply HF260 - for FTP PASV connections dropping (uses multiple ext IPs for connections) - this was a problem i had change Incoming Web Requests - add all webfacing IPs on the external interface (80/443) export the latest settings from isa server to .isa files - <http://www.isatools.org/> www.isatools.org note: protocol rules and site/content rules need "machine-specific settings" checked import in the following order content groups custom protocol definitions client address sets destination sets schedules ip packet filters protocol rules - (needs machine-specific properties set) site and content rules - (needs machine-specific properties set) add all web publising rules manually from isainfo.txt file run the secure mail wizard and publish smtp in, smtp out, pop3 services enable alerts for startup, shutdown, initialization failure, no response and misconfig create weekly (6pm) and daily (8pm) reports run the ISAInfo.vbs file to compile ISA system profile GHOST THIS IMAGE WHEN WORKING WELL. Right. So, to bring to bad boy live, first change the local or South IP address to the same as the live server, and switch the server network cables (North and South) and restart the backup (to be live) server. Note that the IntraArryaddress problem must be solved as mentioned on (if you have this stupid problem). look it up.. also, to manage this bad boy remotely, you need to do this ... <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=006984> http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=006984 CHEERS, TSINGH. [ July 19, 2003, 04:38 AM: Message edited by: tsingh ] _____ Posts: 17 | From: Toronto, On, Canada | Registered: Jun 2001 | IP: <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_ip;f=1;t=002364;reply_nu m=000000> Logged Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jprato@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jprato@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')