margotsk
asked on
Connecting device directly bypassing ISA
Hi there,
I was just hired by non-profit organization to do tech staff and one of the problems is that i am new to Microsoft ISA(internet security and Acces..) and to network overall. One of the users wants to use broadband videoPhone on LAN, which is device with its own firewall and needs to be connect directly to internet. However, there is simple ISA setup and Cisco 675 router configured in server side. I have been trying to figure out what would be the best way to conect only this paricular device directly to internet bypassing filters
Thank's
makapacs
P.S there is idea on conecting between the ISA external interface and the LAN interface of the Cisco router, but in office where the device and user PC is placed, has only one jack in use. So we are using a switch to connect PC and device. I guess i could connect that particular jack to external subnet, but then the user PC will not be in business domain any more. Is there a way around?
I was just hired by non-profit organization to do tech staff and one of the problems is that i am new to Microsoft ISA(internet security and Acces..) and to network overall. One of the users wants to use broadband videoPhone on LAN, which is device with its own firewall and needs to be connect directly to internet. However, there is simple ISA setup and Cisco 675 router configured in server side. I have been trying to figure out what would be the best way to conect only this paricular device directly to internet bypassing filters
Thank's
makapacs
P.S there is idea on conecting between the ISA external interface and the LAN interface of the Cisco router, but in office where the device and user PC is placed, has only one jack in use. So we are using a switch to connect PC and device. I guess i could connect that particular jack to external subnet, but then the user PC will not be in business domain any more. Is there a way around?
ASKER
Thank's Marakush for getting back,
I wonder if you could list step-by-step that i have to take in order to make it work. All of the servers are runing on one mashine which is conected to Cisco 675 router. I will have port numbers that vidiophone uses tommorow.
thank's
margotsk
I wonder if you could list step-by-step that i have to take in order to make it work. All of the servers are runing on one mashine which is conected to Cisco 675 router. I will have port numbers that vidiophone uses tommorow.
thank's
margotsk
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
EDIT: "it reqires that the DMZ have its own network card" is supposed to read: "it requires the server running the ISA to have a dedicated NIC card that will be directly connected to the video phone."
Thanks DebbieFost...
Personally I do not like using a primary server to act as the router and DMZ its just a beef I have after the melissa.virus and a small client got hammered... Ever sense... I've just been very weary about it...
DebbieFost's suggestion will also work if you do not want the added cost of new hardware.
Cheers!
Marakush
Personally I do not like using a primary server to act as the router and DMZ its just a beef I have after the melissa.virus and a small client got hammered... Ever sense... I've just been very weary about it...
DebbieFost's suggestion will also work if you do not want the added cost of new hardware.
Cheers!
Marakush
ASKER
Thank's for responding.
Before i post this thread, i was not aware of possibility to conect this device through the company's ISA firewall by opening certain ports. I guess DMZ is an option as well since the device has its own firewall, but problem is that it has to be conected directly, but in the office where the videophone, has only on jack for PC and VideoPhone. So at this time the best bet seems to be opening ports. I would still like to split the points, but 400 since i haven't solve the problem yet and I encourage you to get rest of 100 points by helping me open the range of ports posted in thread https://www.experts-exchange.com/questions/21169826/how-to-open-range-of-ports-in-one-filter-ISA.html
Marakush 300p and DebbieFost 100p
Thank you one more time
m
Before i post this thread, i was not aware of possibility to conect this device through the company's ISA firewall by opening certain ports. I guess DMZ is an option as well since the device has its own firewall, but problem is that it has to be conected directly, but in the office where the videophone, has only on jack for PC and VideoPhone. So at this time the best bet seems to be opening ports. I would still like to split the points, but 400 since i haven't solve the problem yet and I encourage you to get rest of 100 points by helping me open the range of ports posted in thread https://www.experts-exchange.com/questions/21169826/how-to-open-range-of-ports-in-one-filter-ISA.html
Marakush 300p and DebbieFost 100p
Thank you one more time
m
The easyiest way to do this is to add the device to the DMZ of the firewall and open the needed ports to the device. You need to check the documentation of the device and make sure you have the port numbers on the firewall open to that device. Also by putting in the DMZ you can assign it a real IP address.
Marakush