ISA 2004 in a back to back Scenario

Hello,

I am in the process of setting up a Perimeter Network with Isa 2004 is a back to back environment. First, the front server is in a workgroup and the back server is a domain member. Before I  installed ISA 2004 i could ping the back server from a domain machine and from the machine that i intend to use as the front server. now i cannot. And because i am installing the enterprise edition, we need a configuration Storage server. i have setup the domain member server as the CS server. but because i cannot ping the server with the ip address of the FQDN i cannot install the isa server services on the front box.

Can some one offer me some insight as to what i am not doing properly please?


kiddkapurcjwAsked:
Who is Participating?
 
Kumar_Jayant123Connect With a Mentor Commented:
Hi,

By default once you install the ISA server 2004 EE or SE it will break all the communication from Internal as well as External Network.

Lets say you have a setup like

Internal(Storage Server)----Back ISA--------DMZ------Front ISA------Internet

Now since the Back ISA has blocked all the traffic you cannot connect the storage server. Moreover the Front ISA will be on the External network of the front ISA server.

Best way would be:
1. Create a computer set and put in the Internal IP of the Front ISA server.
2. Allow all traffic from the computer set upi created to the Storage server.
3. Now once you are through with the Installation of the ISA servers than apply the templet.

One important thing, since the Back ISA server is a part of the Domain you might need to create a rule to allow all traffic from Localhost to Internal.

Hope this helps
Kumar
0
 
kiddkapurcjwAuthor Commented:
I have done this. I created a host record for the backend firewall and statically added a route on the front end firewall to the internal network. I can ping the CSS server and the Backend proxy from the front end but when i try to install the isa on to the frontend box, it cannot located the CSS server.
0
 
kiddkapurcjwAuthor Commented:
ok guys, i have just gone for the standard version instead
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.