ISA server as reverse proxy in back to back perimeter network
Posted on 2006-07-11
I want to build an Extranet. The current configuration is as follows. I terminate a T1 connection from our ISP with a Cisco 2821 router. This connects to a Checkpoint firewall running on a Nokia IP 380. I use an LDAP server in the DMZ which is a unique Active Directory domain. The interior firewall is a Cisco PIX 515E which is attached to a Cisco 3750 Catalyst switch which connects the LAN. I presently have IPSec site-to-site VPN established as well as remote access for our employees using Checkpoint's Secure Remote. I wish to use Checkpoint's Connectra as the SSL VPN for our customers to access the Extranet. I wish to use ISA server in between the two firewalls as a reverse proxy directing traffic to the web server on our internal network. The web server will use SharePoint services.
The web server is the Microsoft Dynamics Business Portal 3.0. The proxy server will only be used for connection to this internal server. Will this ISA reverse proxy have to function as an additional interior firewall connected to the 3750 Catalyst switch? Or can I send the traffic from the ISA server through the PIX 515E?
I need some help here. I would be grateful for any comments, criticisms or suggestions. Thank you in advance.