Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ISA 2004 configuration DHCP, DNS , NAT

Posted on 2004-08-30
2
Medium Priority
?
1,244 Views
Last Modified: 2013-11-16
Hello Everyone!

I am new to ISA and trying to install it in my office. we have about 20 client machines.
We have AD domain with 2 DC and active directory integrated DNS on both DC.
The DNS servers have ISP's DNS server as forwarders.

We have a DSL router with one public IP and a block of IPs (used for web sites by our web server)

The DSL router acts as DHCP also and as NAT .

we use 192.168.1.0 network internally.

I have gone through the ISA configuration guide and quick start guide and have a few questions.

1. I plan to set up my ISA as

DSL -> router -> ISA -> switch ->patch panel-> clients and servers... Am i right ?

2. Quick start guide says , i install DNS on ISA and configure it as STUB zone with my AD DNS servers. I did that and put ISP's DNS as forwarder on DNS on ISA. Do i Have to change anything on my AD (internal) DNS servers also ?

3. What about DHCP. Can i still use my DSL router as DHCP with current configuration ? or would i have to use a DHCP server on internal network? or do i have to install DHCP on ISA ?

4. How do i go about using NAT ? Can i still use my router ? or will have to configure somewhere else ?  

This is for now to get me started. i will probably have more questions as i get started with this.

Thanks
0
Comment
Question by:network-geek
2 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 150 total points
ID: 11980073
1. OK
2. Depends from your clients. Your clients should be able (at least the servers itself) to resolve names. If you allow only the servers to resolve (ISA with forwarders, DC not), you may be able to view web sites, but other services may not work. But you can point your clients to DC, your DC with forwarders to ISA, ans ISA with forwarders to your ISP..., or directly your clients to ISA as secondary zone.
3.) I would not do that, use your own. As ISA is on a secondary subnet on the external NIC, you have to allow DHCP relay through you ISA. You can better manage that inside your net. So setup DHCP on your DC and disable DHCP for your internal net on your router.
4.) No, nada, there is nothing to configure with NAT on ISA. If you want to publish servers (w.exc. of ISA), you can define server publishing rules. Otherwise, ISA will manage the NAT between internal and external Sub-Net. On you router, you can configurate, what ports are Natted into your Network. THis means, there may be pakets, which are Natted twice.

Just a few additional remarks:
Your ISA has two different subnets, one inside, and another one between ISA and router. ISA itself has one default gateway, pointing to your router (usually set on your external NIC on ISA).
0
 

Author Comment

by:network-geek
ID: 11999178
Thanks Bembi..

I will try to configure and see what comes..
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question