Solved

ISA 2004 configuration: DHCP, DNS, NAT

Posted on 2004-08-30
Last Modified: 2013-11-16
Hello Everyone!

I am new to ISA and trying to install it in my office. We have about 20 client machines.
We have an AD domain with 2 DCs and Active Directory-integrated DNS on both DCs.
The DNS servers have ISP's DNS server as forwarders.

We have a DSL router with one public IP and a block of IPs (used for web sites by our web server).

The DSL router also acts as DHCP and as NAT.

We use the 192.168.1.0 network internally.

I have gone through the ISA configuration guide and quick start guide and have a few questions.

1. I plan to set up my ISA as

DSL -> router -> ISA -> switch -> patch panel -> clients and servers... Am I right?

2. The quick start guide says I install DNS on ISA and configure it as a stub zone with my AD DNS servers. I did that and put the ISP's DNS as forwarder on the DNS on ISA. Do I have to change anything on my AD (internal) DNS servers also?

3. What about DHCP? Can I still use my DSL router as DHCP with the current configuration? Or would I have to use a DHCP server on the internal network? Or do I have to install DHCP on ISA?

4. How do I go about using NAT? Can I still use my router? Or will I have to configure it somewhere else?

This is for now to get me started. I will probably have more questions as I get started with this.

Thanks
Question by:network-geek
Accepted Solution

by:
Bembi earned 50 total points
ID: 11980073
1. OK
2. Depends on your clients. Your clients should be able (at least the servers themselves) to resolve names. If you allow only the servers to resolve (ISA with forwarders, DC not), you may be able to view web sites, but other services may not work. But you can point your clients to the DC, your DC with forwarders to ISA, and ISA with forwarders to your ISP..., or point your clients directly to ISA as a secondary zone.
3. I would not do that; use your own. As ISA is on a secondary subnet on the external NIC, you have to allow DHCP relay through your ISA. You can manage that better inside your net. So set up DHCP on your DC and disable DHCP for your internal net on your router.
4. No, nada, there is nothing to configure with NAT on ISA. If you want to publish servers (with the exception of ISA), you can define server publishing rules. Otherwise, ISA will manage the NAT between the internal and external subnets. On your router, you can configure which ports are NATed into your network. This means there may be packets which are NATed twice.

Just a few additional remarks:
Your ISA has two different subnets, one inside, and another one between ISA and the router. ISA itself has one default gateway, pointing to your router (usually set on your external NIC on ISA).

Author Comment

by:network-geek
ID: 11999178
Thanks Bembi..

I will try to configure and see what comes..
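
The layout in the accepted answer (two subnets around ISA, a single default gateway on ISA's external NIC, DHCP on a DC, and clients -> DC -> ISA -> ISP forwarding) can be checked on paper before anything is recabled. This is an added example, not part of the original thread; only 192.168.1.0 comes from the question, and the masks, the 192.168.2.0 segment, every host address and the function names are assumptions.

```python
import ipaddress as ipa

# Constructed plan. Only 192.168.1.0 (internal) is from the thread; the /24 masks,
# the 192.168.2.0 ISA-to-router segment and every host address are assumptions.
PLAN = {
    "internal_net": "192.168.1.0/24",
    "perimeter_net": "192.168.2.0/24",
    "router_lan_ip": "192.168.2.1",
    "isa_external": {"ip": "192.168.2.2", "gateway": "192.168.2.1"},
    "isa_internal": {"ip": "192.168.1.1", "gateway": None},
    "dhcp": {"server": "192.168.1.10",                         # DHCP moved to a DC
             "range": ("192.168.1.100", "192.168.1.199"),
             "dns_option": ["192.168.1.10", "192.168.1.11"]},  # clients -> DCs
    "forwarders": {"192.168.1.10": ["192.168.1.1"],            # DC  -> ISA
                   "192.168.1.11": ["192.168.1.1"],            # DC  -> ISA
                   "192.168.1.1": ["203.0.113.53"]},           # ISA -> ISP (placeholder)
}

def forward_path(forwarders, start):
    """Follow first-listed forwarders from start; return the path, or None on a loop."""
    path = [start]
    while path[-1] in forwarders:
        nxt = forwarders[path[-1]][0]
        if nxt in path:
            return None
        path.append(nxt)
    return path

def audit(plan):
    """Return a list of findings; an empty list means the plan matches the layout."""
    findings = []
    inside = ipa.ip_network(plan["internal_net"])
    perim = ipa.ip_network(plan["perimeter_net"])
    ext, intl, dhcp = plan["isa_external"], plan["isa_internal"], plan["dhcp"]
    if inside.overlaps(perim):
        findings.append("internal and ISA-to-router subnets overlap")
    for name, ip in (("router", plan["router_lan_ip"]), ("ISA external NIC", ext["ip"])):
        if ipa.ip_address(ip) not in perim:
            findings.append(f"{name} {ip} is not on the ISA-to-router subnet")
    if ext["gateway"] != plan["router_lan_ip"] or intl["gateway"] is not None:
        findings.append("ISA needs one default gateway: the router, on the external NIC")
    for ip in (intl["ip"], dhcp["server"], *dhcp["range"]):
        if ipa.ip_address(ip) not in inside:
            findings.append(f"{ip} should be on the internal subnet")
    for dns in dhcp["dns_option"]:
        path = forward_path(plan["forwarders"], dns)
        if path is None:
            findings.append(f"forwarder loop starting at {dns}")
        elif intl["ip"] not in path or any(ipa.ip_address(path[-1]) in n for n in (inside, perim)):
            findings.append(f"{dns}: forwarding must pass via ISA and end outside both subnets")
    return findings
```

The forwarder check covers the first DNS option in the answer (clients to DC, DC to ISA, ISA to ISP); pointing clients directly at ISA would need the `dns_option` list changed accordingly.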