ISA 2000 depolyment
Posted on 2004-10-22
1 full T-1 for VPN to other offices, www traffic for end users and the public WWW site in the DMZ.
1 partial T-1 that handles incoming and outgoing Exchange traffic. This is shared with telephones. I do this since the speed of mail traffic is unimportant to end users. I get 1/4 of the T-1 for data.
Circuits are from different providers so they are on different subnets. I have SonicWall on the full T-1 and a LInksys on the partial.
Current public web server is in DMZ of full T-1 and running on Linux.
Ports open in firewall for partial T-1 to allow SMTP and https and point at internal Exchange 2003 box.
We have a redesigned web site that I will deploy on a public facing Win2K3 server and eliminate the Linux box. This will go on the full T-1 in the DMZ.
I have an unused ISA 2000 license and started thinking that I might be able to put it to good use.
Here is the question.
Can I install ISA 2000 on the public web server in the DMZ and have three NICS in it? I was thinking I could have one NIC on the full T-1 for public www and as a front-end to for OWA and RPC over https and the other NIC on the partial T-1 to handle SMTP traffic to and from the Exchange server. The 3rd NIC would be for the LAN. I am researching this but I would hate to waste time on a poor idea. Thanks for the input and I hope I was clear about this.