I have a Cisco ASA 5520 as my perimeter firewall. I want to implement a second firewall Ceslstix MSA 3000 which is essentially and ISA 2004 box.
Right now I’m running Windows 2K3 SE, which I have DNS, and DHCP set up on. My internal network is in the 10.0.0.x range with a default gateway of 10.0.0.1 which is assigned to the Cisco internal interface. The way I magine this working is my e-mail server (Exchange 2003) and my web servers (running windows 2003) will have a new IP range of 192.168.0.x. The Celestix box will have 10.0.0.1 for the LAN interface and 126.96.36.199 for the WAN. The Cisco will the have 192.168.0.1 for the LAN and 208.x.x.x for the WAN interface.
My question is in theory this should work, right? Or am I going about this the wrong way? I’m assuming that on the Cisco end all I will need to do is flip-flop the numbers. In other words, to now accept traffic from 192.168.0.x range instead of 10.0.0.x to, change the NAT from 10.0.0.x to 192.168.0.x - Am I correct in this assumption? The default gateway now becomes 192.168.0.1 for the Exchange and Webserver. But what should I use for DNS since my internal DNS server will stil be in the 10.0.0.x range. Will it see it? I am also assuming I should not have to reconfigure my DHCP server as well or do I?
If some can help me with that has knowledge of ISA Server 2004 that would be great. If you have knowledge of ISA and Cisco ASA/PIX that is even better.