
ISA 2004 configuration DHCP, DNS, NAT

Hello Everyone!

I am new to ISA and trying to install it in my office. We have about 20 client machines.
We have an AD domain with 2 DCs and Active Directory-integrated DNS on both DCs.
The DNS servers have ISP's DNS server as forwarders.

We have a DSL router with one public IP and a block of IPs (used for web sites by our web server).

The DSL router also acts as DHCP and as NAT.

We use the 192.168.1.0 network internally.

I have gone through the ISA configuration guide and quick start guide and have a few questions.

1. I plan to set up my ISA as

DSL -> router -> ISA -> switch -> patch panel -> clients and servers... Am I right?

2. The quick start guide says I install DNS on ISA and configure it as a stub zone with my AD DNS servers. I did that and put the ISP's DNS as forwarder on the DNS on ISA. Do I have to change anything on my AD (internal) DNS servers also?

3. What about DHCP? Can I still use my DSL router as DHCP with the current configuration? Or would I have to use a DHCP server on the internal network? Or do I have to install DHCP on ISA?

4. How do I go about using NAT? Can I still use my router? Or will I have to configure it somewhere else?

This is for now to get me started. I will probably have more questions as I get started with this.

Thanks
Asked by: network-geek
 
Bembi (CEO) commented:
1. OK
2. Depends on your clients. Your clients (at least the servers themselves) should be able to resolve names. If you allow only the servers to resolve (ISA with forwarders, DC not), you may be able to view web sites, but other services may not work. But you can point your clients to the DC, your DC with forwarders to ISA, and ISA with forwarders to your ISP..., or directly your clients to ISA as secondary zone.
3. I would not do that, use your own. As ISA is on a secondary subnet on the external NIC, you have to allow DHCP relay through your ISA. You can better manage that inside your net. So set up DHCP on your DC and disable DHCP for your internal net on your router.
4. No, nada, there is nothing to configure with NAT on ISA. If you want to publish servers (with the exception of ISA), you can define server publishing rules. Otherwise, ISA will manage the NAT between the internal and external subnets. On your router, you can configure which ports are NATed into your network. This means there may be packets which are NATed twice.

Just a few additional remarks:
Your ISA has two different subnets, one inside, and another one between ISA and router. ISA itself has one default gateway, pointing to your router (usually set on your external NIC on ISA).
 
network-geek (Author) commented:
Thanks Bembi..

I will try to configure and see what comes..