Solved

ISA server as reverse proxy in back to back perimeter network

Posted on 2006-07-11
3
808 Views
Last Modified: 2013-11-16
I wan tot build an Extranet. The current configuration is as follows. I terminate a T1 connection from our ISP with a Cisco 2821 router.This connects to a Checkpoint firewall running on a Nokia IP 380. I use an LDAP server in the DMZ which is a unique Active Directory domain. The interior firewall is a Cisco PIX 515E which is attached to a Cisco 3750 Catalyst switch which connects the LAN. I presently have IPSec  site to site VPN established as well as remote access for our employees using Checpoints Secure Remote. I wish to use Checkpoints Connectra as the SSL VPN for our customers to access the Extranet. I wish to use ISA server in between the two firewalls as a reverse proxy directing traffic to the web server on our internal network. The web server will use Share Point services.
The web server is the Microsft Dynamics Business Portal 3.0. The proxy server will only be used for connection to this internal server. Will this ISA reverse proxy have to function as an additional interior firewall connected to the 3750 Catalyst switch? Or can I send the traffic from the ISA server through the PIX 515E?
Ii need some help here. I would be grateful for any comments, criticisms or suggestions. Thank you in advance.

Joe
0
Comment
Question by:boksi1950
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 17084469
No, it won't need to be a firewall. ISA can still support publishing (reverse proxy) even with only one NIC installed. However, you do need to make use of the loopback connector.
The PIX515 will need to accept the forwarded traffic from the ISA through the ACL associated to its outside interface.

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question