Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ISA server as reverse proxy in back to back perimeter network

Posted on 2006-07-11
3
Medium Priority
?
831 Views
Last Modified: 2013-11-16
I wan tot build an Extranet. The current configuration is as follows. I terminate a T1 connection from our ISP with a Cisco 2821 router.This connects to a Checkpoint firewall running on a Nokia IP 380. I use an LDAP server in the DMZ which is a unique Active Directory domain. The interior firewall is a Cisco PIX 515E which is attached to a Cisco 3750 Catalyst switch which connects the LAN. I presently have IPSec  site to site VPN established as well as remote access for our employees using Checpoints Secure Remote. I wish to use Checkpoints Connectra as the SSL VPN for our customers to access the Extranet. I wish to use ISA server in between the two firewalls as a reverse proxy directing traffic to the web server on our internal network. The web server will use Share Point services.
The web server is the Microsft Dynamics Business Portal 3.0. The proxy server will only be used for connection to this internal server. Will this ISA reverse proxy have to function as an additional interior firewall connected to the 3750 Catalyst switch? Or can I send the traffic from the ISA server through the PIX 515E?
Ii need some help here. I would be grateful for any comments, criticisms or suggestions. Thank you in advance.

Joe
0
Comment
Question by:boksi1950
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 750 total points
ID: 17084469
No, it won't need to be a firewall. ISA can still support publishing (reverse proxy) even with only one NIC installed. However, you do need to make use of the loopback connector.
The PIX515 will need to accept the forwarded traffic from the ISA through the ACL associated to its outside interface.

0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question