mivbinfotech


Installing ISA with 1 NIC and restricting each user to a specific set of sites: is it possible?

I currently have a network of 25 users on a Windows 2000 network.

We currently connect to the internet over an ADSL line.

I have installed the PIX 501 firewall, the IP of which is the default gateway on all the machines and the server. All the clients, the server and the PIX are connected to the switch. That's how we access it now.

Now I want to make the server IP the default gateway and restrict some users from accessing some sites, and I want to do this with only 1 NIC installed in my server. Is it possible to do this by installing ISA?

I also need my users to connect to a VPN server which is located outside my network. Basically, my users should be able to connect via PPTP / 1723 as clients to the VPN server from my network through the internet.

Please advise
mivbinfotech

ASKER

I forgot to mention that I will be using ISA Server 2000 and not 2004.

Thanks

If you want a fast and simple way to block sites from the network, try this...

If all clients are using DHCP from the server, change the default gateway to the server along with DNS. DNS should already be pointing to the server, but just in case.

Then in DNS go to your domain's forward lookup zone and add a new domain for the web sites you want blocked.

An example would be yahoo.com. By creating this domain on your DNS server, the DNS server becomes the SOA for yahoo and all requests for that domain are resolved by the server. Because the yahoo web site is not in your domain, a failure is returned to the clients.

This can be beat real easy if they change their machine to static IPs and grab a public DNS server.

Let me know what you think.

I must say that the best way is to add a WWW gateway, be it ISA in a 2 NIC box or a Blue Coat or something, that all traffic MUST pass. Another product that is way more than you're looking for but rather cool is SpectorCNE, $500.00 for 10 boxes, but that will do a whole bunch of things for you, so check it out.

kelo501
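
The bypass mentioned in the post above (a client set to static addressing and pointed at a public DNS server) appears at the firewall as port-53 traffic that does not originate from the internal DNS server. The following is an added example, not part of any post in this thread: a Python check over constructed PIX-style connection log lines. The DNS server address 192.168.1.10 and every log line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: address of the internal DNS server (not given in the thread).
INTERNAL_DNS = "192.168.1.10"

# Constructed sample lines, modelled on PIX "Built outbound connection" syslog messages.
SAMPLE_LOG = """\
%PIX-6-302015: Built outbound UDP connection 4101 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.10/1029 (198.51.100.2/1029)
%PIX-6-302015: Built outbound UDP connection 4102 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:192.168.1.23/1044 (198.51.100.2/1044)
%PIX-6-302013: Built outbound TCP connection 4103 for outside:198.51.100.80/80 (198.51.100.80/80) to inside:192.168.1.23/1045 (198.51.100.2/1045)
%PIX-6-302013: Built outbound TCP connection 4104 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.31/1050 (198.51.100.2/1050)
%PIX-6-302015: Built outbound UDP connection 4105 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.23/1046 (198.51.100.2/1046)
%PIX-6-302016: Teardown UDP connection 4102 for outside:198.51.100.7/53 to inside:192.168.1.23/1044 duration 0:02:01 bytes 212
"""

# Matches both the TCP (302013) and UDP (302015) "Built outbound" messages.
BUILT = re.compile(
    r"%PIX-6-30201[35]: Built outbound (?:UDP|TCP) connection \d+ "
    r"for outside:(?P<dst>[\d.]+)/(?P<dport>\d+) \S+ "
    r"to inside:(?P<src>[\d.]+)/\d+"
)


def dns_bypass_clients(log_text, internal_dns=INTERNAL_DNS):
    """Map each inside client to the external resolvers it contacted directly."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m or m.group("dport") != "53":
            continue  # not a new connection, or not DNS
        if m.group("src") == internal_dns:
            continue  # the DNS server's own upstream lookups are expected
        hits[m.group("src")].add(m.group("dst"))
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for client, resolvers in sorted(dns_bypass_clients(SAMPLE_LOG).items()):
        print(f"{client} queried external DNS directly: {', '.join(resolvers)}")
```

Allowing outbound port 53 at the firewall only from the DNS server removes the bypass rather than just reporting it.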
It is not possible to run ISA on a 1 NIC box.
 
It is possible to run ISA 2000 in firewall mode on a single NIC box, but you get heaps of errors every time the server tries to access a site ("ISA server could not create a packet filter for IP 123.123.123.123"), which just clog up the event logs. This lets you make it the default gateway, but you'll never be able to properly troubleshoot the server again.

It is possible to run ISA server in Caching only mode on a single NIC, which is supported, and gives you content control for http, but nothing else.

You need to add the blocked sites to a destination set, then add the destination set to a deny protocol rule. www.isaserver.org has some great tutorials on ISA.

Please advise how to do user-specific blocking in ISA 2000. I want to block a specific set of users from accessing the sites.

For example:

USER SET 1 --->>> msn.com / yahoo.com / etc. should be blocked

USER SET 2 --->>> msn.com / yahoo.com / should be accessible from within the same network

Please advise on anything you can help with on this.

Also tell me about VPN as written earlier.

Regards
ASKER CERTIFIED SOLUTION
harleyjd