Solved

Public IP addresses configuration in ISA 2004

Posted on 2006-11-20
3
200 Views
Last Modified: 2013-11-16
Greetings. I have a Web and Exchange server that I want to move behind an ISA 2004 Firewall. The two servers have public addresses that are associated with their own DNS records. Example:

mail.domain.com = XXX.XXX.XXX.XXX
web.domain.com = XXX.XXX.XXX.XXX

Currently these servers have two NIC's one public and one private. The ISA server is a third server. My question is, once I move these two servers behind the ISA where do I put the public IP addresses? Do I need to add them to the ISA servers and keep only internal IP on the servers or do I keep them on each server and redirect traffic there. I'd like for ISA to control the traffic going to these boxes. What would be my best and mosrt secure option?

Thanks!
0
Comment
Question by:menendeza
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 17986551
On your external router, redirect traffic for both addresses to the external nic of the isa.

On the ISA, use the publishing rules to redirect the traffic to the internal IP addresses (do NOT use server names in the publishing rules,just IP addresses). In the mail server publishing rule, its extremely straight forward, in the web publishing rule, in addition to the ip address of the now internal web server you will also put in the FQDN for the site it is to respond to i.e. www.yourdomain.co.uk etc. This is the most common way of doing things allowing the external nic of the ISA and its link to the internal nic of the external firewall to operate across a private network range giving you an additional security zone.

Alternatively, if you are bridging the addresses, put both real IP's on the ISA server external NIC. It would be important though to ensure that the physical NIC matches the IP address assigned to your MX record else you may fall foul of the reverse DNS issues.

Keith
0
 

Author Comment

by:menendeza
ID: 17987782
Thank you very much Keith.

I guess, since we don't manage the router (ISP does) I use the second option for adding the external IP's to the external NIC of the ISA.  Appreciate your help!

Angel
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17989537
:)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Opening Port 80 10 66
Netgear WMS5316 Guest SSiD 1 78
Security Geteway Sonicwall 7 116
How do I restrict App Service access to specific IPs (i.e. firewall)? 4 65
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question