Solved

Connecting device directly bypassing ISA

Posted on 2004-10-13
Last Modified: 2013-11-16
Hi there,
I was just hired by a non-profit organization to do tech staff and one of the problems is that I am new to Microsoft ISA (Internet Security and Access..) and to networking overall. One of the users wants to use a broadband videoPhone on the LAN, which is a device with its own firewall and needs to be connected directly to the internet. However, there is a simple ISA setup and a Cisco 675 router configured on the server side. I have been trying to figure out what would be the best way to connect only this particular device directly to the internet, bypassing the filters.
Thanks
makapacs
P.S. There is an idea of connecting between the ISA external interface and the LAN interface of the Cisco router, but the office where the device and user PC are placed has only one jack in use. So we are using a switch to connect the PC and the device. I guess I could connect that particular jack to the external subnet, but then the user PC will not be in the business domain any more. Is there a way around?
0
Question by:margotsk
7 Comments
 
LVL 8

Expert Comment

by:Marakush
ID: 12299087
margotsk,

The easiest way to do this is to add the device to the DMZ of the firewall and open the needed ports to the device. You need to check the documentation of the device and make sure you have the port numbers on the firewall open to that device. Also, by putting it in the DMZ you can assign it a real IP address.

Marakush
0
 

Author Comment

by:margotsk
ID: 12300753
Thanks, Marakush, for getting back.
I wonder if you could list the steps that I have to take in order to make it work. All of the servers are running on one machine, which is connected to the Cisco 675 router. I will have the port numbers that the videophone uses tomorrow.
Thanks
margotsk
0
 
LVL 8

Assisted Solution

by:Marakush
Marakush earned 350 total points
ID: 12300987
margotsk,

Okay first things first... you are going to need another piece of hardware, a firewall.. It will need a DMZ option. Frankly you should have one in place even if you weren't doing this thing with the video, just to protect your office.

What is your IP address scheme like? (depending, you might have to request a small IP address block from your ISP, which is going to be another hardware change, but that depends on a few factors)

Here is a listing of a few firewall appliances on the market.

http://www.nextag.com/serv/main/buyer/OutPDir.jsp?search=firewall&x=0&y=0&node=0

You might want to consider a PIX 501 or Sonicwall pro series; both will fit your needs. The 501 is nice but expensive and not the easiest thing in the world to configure, but secure if it's configured correctly. The Sonicwall is a nice middle of the road in price, protection and ease of configuration.

Okay get back to me on the configuration of your IP addressing, your current router / current router configuration, and check out a firewall appliance.

(Depending on your router, we might be able to just do a pass-through on the needed ports to the device's LAN address)

Marakush
0
 

Accepted Solution

by:
DebbieFost earned 150 total points
ID: 12310094
If you want to create a DMZ with an ISA server, it requires that the DMZ have its own network card that is connected directly to the videophone. For a better understanding, check out this website: http://www.isaserver.org/tutorials/ISA_Server_DMZ_Scenarios.html

That's the only way to create a direct connection to the internet with an ISA server (that I know of). The route that Marakush was explaining would involve just removing ISA and relying directly on the hardware firewall/router that you would install, which isn't that bad of an idea either.
0
 

Expert Comment

by:DebbieFost
ID: 12310122
EDIT: "it requires that the DMZ have its own network card" is supposed to read: "it requires the server running the ISA to have a dedicated NIC card that will be directly connected to the video phone."
0
 
LVL 8

Expert Comment

by:Marakush
ID: 12310248
Thanks DebbieFost...

Personally I do not like using a primary server to act as the router and DMZ; it's just a beef I have after the melissa.virus and a small client got hammered... Ever since... I've just been very wary about it...

DebbieFost's suggestion will also work if you do not want the added cost of new hardware.

Cheers!

Marakush
0
 

Author Comment

by:margotsk
ID: 12338662
Thanks for responding.
Before I posted this thread, I was not aware of the possibility to connect this device through the company's ISA firewall by opening certain ports. I guess the DMZ is an option as well since the device has its own firewall, but the problem is that it has to be connected directly, and the office where the videophone is has only one jack for the PC and the VideoPhone. So at this time the best bet seems to be opening ports. I would still like to split the points, but 400 since I haven't solved the problem yet, and I encourage you to get the rest of the 100 points by helping me open the range of ports posted in thread http://www.experts-exchange.com/Security/Q_21169826.html
Marakush 300p and DebbieFost 100p
Thank you one more time
m
0
